
Virtumonde Bug // Other Infections!?!


  • This topic is locked
12 replies to this topic

#1 JReich

  • Members
  • 42 posts

Posted 07 October 2008 - 02:00 PM

I have done everything on the pre-guide to wiping my computer, all of which I did except for BitDefender and McAfee before coming to these forums. I'm running Microsoft Windows Vista.

For the past couple of days I have tried to open IE and Firefox; when doing so they would crash. This problem seems to have been resolved with the running of BitDefender or McAfee, or some type of miracle; not sure yet.

However, I still have a host of spyware pop-ups and ads still running around on my computer. Here is my HijackThis log. Please advise.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:32 PM, on 10/7/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Users\JReich\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Adobe\Adobe2\Adobe Dreamweaver CS4\Dreamweaver.exe
C:\Users\JReich\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JReich\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5668E
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5668E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5668E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5668E
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BM135351ed] Rundll32.exe "c:\windows\system32\pinokezo.dll",a
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\JReich\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [ketewodaja] Rundll32.exe "C:\Windows\system32\fevihife.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\vibuvemi.dll fzmzfy.dll,c:\windows\system32\pinokezo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pinokezo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pinokezo.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14060 bytes


Thanks

#2 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts

Posted 08 October 2008 - 04:43 AM

Hello JReich,

Welcome to Bleeping Computer :thumbsup:

Please go to the following site: http://www.threatexpert.com/submit.aspx

In the "file to submit" area, please click the browse button and navigate to the following file:

c:\windows\system32\pinokezo.dll

Check the "I agree" box and when your file is uploaded, click submit.

Please post back with what it says when it's done analyzing the file.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 JReich
  • Topic Starter

  • Members
  • 42 posts

Posted 08 October 2008 - 12:33 PM

Submission details:
Submission received: 9 October 2008, 04:21:33
Processing time: 5 min 44 sec
Submitted sample:
File MD5: 0x4EEC38D47B6DE0E2B63EA681E0E7511E
Filesize: 86,580 bytes
Alias: Trojan:Win32/Vundo.gen!G [Microsoft]
Summary of the findings:

What's been found Severity Level
Creates a startup registry entry.
Uses the AppInit_DLLs value in order to install a module that will be loaded into the address space of every running application.
Registers a 32-bit in-process server DLL.


Technical Details:

File System Modifications
The following file was created in the system:
# Filename(s) File Size File MD5 Alias
1 [file and pathname of the sample #1] 86,580 bytes 0x4EEC38D47B6DE0E2B63EA681E0E7511E Trojan:Win32/Vundo.gen!G [Microsoft]


Memory Modifications
The following modules were loaded into the address space of other process(es):
Module Name Module Filename Address Space Details
[filename of the sample #1] [file and pathname of the sample #1] Process name: explorer.exe
Process filename: %Windir%\explorer.exe
Address space: 0x1940000 - 0x195E3BB
[filename of the sample #1] [file and pathname of the sample #1] Process name: dllhost.exe
Process filename: %System%\dllhost.exe
Address space: 0x10000000 - 0x1001E3BB
[filename of the sample #1] [file and pathname of the sample #1] Process name: sdnsmain.exe
Process filename: %Windir%\dns\sdnsmain.exe
Address space: 0x1600000 - 0x161E3BB
[filename of the sample #1] [file and pathname of the sample #1] Process name: [generic host process]
Process filename: [generic host process filename]
Address space: 0x10000000 - 0x1001E3BB
[filename of the sample #1] [file and pathname of the sample #1] Process name: IEXPLORE.EXE
Process filename: %ProgramFiles%\internet explorer\iexplore.exe
Address space: 0x10000000 - 0x1001E3BB
[filename of the sample #1] [file and pathname of the sample #1] Process name: VMwareUser.exe
Process filename: %ProgramFiles%\vmware\vmware tools\vmwareuser.exe
Address space: 0x10000000 - 0x1001E3BB
Notes:
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
[generic host process filename] is a full path filename of [generic host process].
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.


Registry Modifications
The following Registry Keys were created:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32
The newly created Registry Values are:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]
(Default) = "[file and pathname of the sample #1]"
ThreadingModel = "Both"
[[pathname with a string SHARE]\SharedTaskScheduler]
{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} = "STS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
BM03fe2973 = "Rundll32.exe "[file and pathname of the sample #1]",a"

so that [file and pathname of the sample #1] runs every time Windows starts
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SSODL = "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
LoadAppInit_DLLs = 0x00000001
The following Registry Value was modified:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs = "[file and pathname of the sample #1]"

so that [file and pathname of the sample #1] runs every time a Windows application starts


Results of ThreatExpert
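The ThreatExpert result lists the places this sample hooks itself in: a Run value, AppInit_DLLs, ShellServiceObjectDelayLoad and SharedTaskScheduler. The same hooks show up as O4/O20/O21/O22 lines in the HijackThis log in the first post, all pointing at pinokezo.dll. As an added example (not code from HijackThis, ThreatExpert, ComboFix or anyone in this thread), here is a small Python script that parses those line types and flags a module for review when it is wired into more than one persistence point, is listed in AppInit_DLLs, or is launched by rundll32 through a one-letter export, which is how pinokezo.dll and fevihife.dll appear above. The sample input is constructed from lines in the posted log plus two benign entries; the three heuristics are assumptions chosen for illustration, not a definition of the malware.

```python
import re
from collections import defaultdict

# Constructed sample: persistence lines copied from the HijackThis log posted
# in this thread, plus two benign entries (ZoneAlarm, Windows Welcome Center)
# so the filter has something to leave alone.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BM135351ed] Rundll32.exe "c:\windows\system32\pinokezo.dll",a
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [ketewodaja] Rundll32.exe "C:\Windows\system32\fevihife.dll",s (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: C:\Windows\system32\vibuvemi.dll fzmzfy.dll,c:\windows\system32\pinokezo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pinokezo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pinokezo.dll
"""

# Only the line types that map to the persistence points named in the report.
LINE_RE = re.compile(r"^(O4|O20|O21|O22) - (.*)$")
# A drive-letter path ending in .dll or .exe (quotes and commas end it).
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]+?\.(?:dll|exe)', re.IGNORECASE)
# rundll32 <dll>,<export>; the dll may be quoted and may lack a path.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+?\.dll)"?\s*,\s*(\w+)', re.IGNORECASE)
LABELS = {"O4": "O4 Run", "O21": "O21 SSODL", "O22": "O22 SharedTaskScheduler"}


def module_basename(path):
    """Lower-cased file name, so differently cased paths to one DLL collapse."""
    return path.strip('"').rsplit("\\", 1)[-1].lower()


def parse_hijackthis(text):
    """Return (locations, exports): locations maps a module basename to the
    persistence points that reference it; exports maps it to the entry
    points rundll32 is told to call."""
    locations = defaultdict(set)
    exports = defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        code, rest = m.groups()
        if code == "O20" and rest.startswith("AppInit_DLLs:"):
            # The value is a space- or comma-separated list; names may lack a path.
            for token in re.split(r"[\s,]+", rest[len("AppInit_DLLs:"):].strip()):
                if token:
                    locations[module_basename(token)].add("O20 AppInit_DLLs")
            continue
        label = LABELS.get(code)
        if label is None:  # other O20 subtypes (Winlogon Notify) are left to the analyst
            continue
        for path in PATH_RE.findall(rest):
            locations[module_basename(path)].add(label)
        rd = RUNDLL_RE.search(rest)
        if rd:
            name = module_basename(rd.group(1))
            locations[name].add(label)
            exports[name].add(rd.group(2))
    return locations, exports


def suspicious_modules(text):
    """Flag modules for review using three heuristics (assumed for this
    example): AppInit_DLLs injection, the same DLL wired into several
    persistence points, and rundll32 loading it through a one-letter export."""
    flagged = {}
    locations, exports = parse_hijackthis(text)
    for name, locs in locations.items():
        reasons = []
        if "O20 AppInit_DLLs" in locs:
            reasons.append("listed in AppInit_DLLs (loaded into every process)")
        if len(locs) >= 2:
            reasons.append("referenced from %d persistence points" % len(locs))
        if any(len(export) == 1 for export in exports.get(name, ())):
            reasons.append("started by rundll32 with a one-letter export")
        if reasons:
            flagged[name] = {"locations": sorted(locs), "reasons": reasons}
    return flagged


if __name__ == "__main__":
    for name, info in sorted(suspicious_modules(SAMPLE_LOG).items()):
        print(name, info["locations"])
        for reason in info["reasons"]:
            print("   -", reason)
```

Run against the constructed sample, pinokezo.dll is reported from all four locations with all three reasons, fevihife.dll only for the rundll32 pattern, and vibuvemi.dll and fzmzfy.dll only for AppInit_DLLs; the ZoneAlarm and Welcome Center entries are not reported. The output is a review list, not a verdict: the point of the script is to surface the correlation a helper reads off the log by hand, which is exactly what led to pinokezo.dll being submitted for analysis.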

#4 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts

Posted 08 October 2008 - 10:33 PM

Hello,

Thanks for that. :thumbsup:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

#5 JReich
  • Topic Starter

  • Members
  • 42 posts

Posted 08 October 2008 - 10:50 PM

COMBO FIX LOG

ComboFix 08-10-08.02 - JReich 2008-10-08 20:41:13.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1472 [GMT -7:00]
Running from: C:\Users\JReich\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-09-09 to 2008-10-09 )))))))))))))))))))))))))))))))
.

2008-10-07 16:27 . 2008-10-07 16:28 377,295,567 --a------ C:\Windows\MEMORY.DMP
2008-10-07 10:41 . 2008-10-07 10:41 850 --a------ C:\Windows\System32\ProductTweaks.xml
2008-10-07 10:41 . 2008-10-07 10:41 385 --a------ C:\Windows\System32\user_gensett.xml
2008-10-07 10:35 . 2008-10-07 10:35 <DIR> d-------- C:\Users\JReich\AppData\Roaming\BitDefender
2008-10-07 10:34 . 2008-10-07 10:36 <DIR> d-------- C:\Users\All Users\BitDefender
2008-10-07 10:34 . 2008-10-07 10:36 <DIR> d-------- C:\ProgramData\BitDefender
2008-10-07 10:34 . 2008-10-07 10:35 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-10-07 10:34 . 2008-10-07 10:34 <DIR> d-------- C:\Program Files\BitDefender
2008-10-06 21:40 . 2008-10-06 21:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-06 19:20 . 2008-10-06 19:20 <DIR> d-------- C:\Users\JReich\AppData\Roaming\SUPERAntiSpyware.com
2008-10-06 19:20 . 2008-10-06 19:20 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-10-06 19:20 . 2008-10-06 19:20 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-10-06 19:20 . 2008-10-07 16:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-06 17:33 . 2008-10-06 18:24 <DIR> d-------- C:\Users\All Users\SITEguard
2008-10-06 17:33 . 2008-10-06 18:24 <DIR> d-------- C:\ProgramData\SITEguard
2008-10-06 17:32 . 2008-10-08 20:19 <DIR> d-------- C:\Users\All Users\STOPzilla!
2008-10-06 17:32 . 2008-10-08 20:19 <DIR> d-------- C:\ProgramData\STOPzilla!
2008-10-06 17:32 . 2008-10-06 17:32 <DIR> d-------- C:\Program Files\STOPzilla!
2008-10-06 17:32 . 2008-10-06 17:32 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-10-06 17:24 . 2008-10-06 17:24 <DIR> d-------- C:\Program Files\Panda Security
2008-10-06 17:24 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-10-04 18:06 . 2008-10-04 18:06 <DIR> d-------- C:\Users\All Users\CheckPoint
2008-10-04 18:06 . 2008-10-04 18:06 <DIR> d-------- C:\ProgramData\CheckPoint
2008-10-04 18:06 . 2008-10-04 18:06 <DIR> d-------- C:\Program Files\Zone Labs
2008-10-04 18:06 . 2008-03-03 15:05 1,086,952 --a------ C:\Windows\System32\zpeng24.dll
2008-10-04 18:06 . 2008-03-03 15:06 279,440 --a------ C:\Windows\System32\drivers\~GLH0014.TMP
2008-10-04 18:05 . 2008-10-04 18:06 <DIR> d-------- C:\Windows\System32\ZoneLabs
2008-10-04 18:05 . 2008-10-07 16:27 352,615 --ah----- C:\Windows\System32\drivers\vsconfig.xml
2008-10-04 18:05 . 2008-03-03 15:06 279,440 --------- C:\Windows\System32\drivers\vsdatant.sys
2008-10-04 18:03 . 2008-10-08 20:45 <DIR> d-------- C:\Windows\Internet Logs
2008-10-04 16:36 . 2008-10-04 16:36 533 --a------ C:\Windows\eReg.dat
2008-10-03 11:34 . 2008-10-08 20:39 <DIR> d-------- C:\Users\JReich\AppData\Roaming\Xfire
2008-10-03 11:33 . 2008-10-08 18:34 <DIR> d-------- C:\Users\All Users\Xfire
2008-10-03 11:33 . 2008-10-08 18:34 <DIR> d-------- C:\ProgramData\Xfire
2008-10-03 11:33 . 2008-10-03 11:34 <DIR> d-------- C:\Program Files\Xfire
2008-10-02 13:43 . 2008-10-02 13:43 <DIR> d-------- C:\Users\JReich\AppData\Roaming\JGsoft
2008-10-02 13:43 . 2008-08-05 03:01 68,232 --a------ C:\Windows\UnDeployV.exe
2008-09-29 20:09 . 2008-10-03 12:04 <DIR> d-------- C:\Program Files\mjqcilc
2008-09-29 17:54 . 2008-10-03 12:07 <DIR> d-------- C:\Users\All Users\ejipmhyd
2008-09-29 17:54 . 2008-10-03 12:07 <DIR> d-------- C:\ProgramData\ejipmhyd
2008-09-29 17:54 . 2008-09-29 17:54 <DIR> d-------- C:\Program Files\ziiugcc
2008-09-29 16:18 . 2008-09-29 16:18 <DIR> d-------- C:\Users\JReich\AppData\Roaming\SmartFTP
2008-09-29 16:11 . 2008-09-29 16:11 <DIR> d-------- C:\Users\JReich\AppData\Roaming\Malwarebytes
2008-09-29 16:11 . 2008-09-29 16:11 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-29 16:11 . 2008-09-29 16:11 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-29 16:11 . 2008-09-29 16:11 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-29 16:11 . 2008-09-10 00:07 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-29 16:11 . 2008-09-10 00:07 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-28 16:53 . 2008-09-28 16:53 <DIR> d-------- C:\VundoFix Backups
2008-09-28 13:45 . 2008-09-28 13:44 102,664 --a------ C:\Windows\System32\drivers\tmcomm.sys
2008-09-28 13:44 . 2008-10-06 10:50 <DIR> d-------- C:\Users\JReich\.housecall6.6
2008-09-28 13:44 . 2008-09-28 13:44 410,976 --a------ C:\Windows\System32\deploytk.dll
2008-09-26 19:17 . 2008-09-29 19:17 <DIR> d-------- C:\Program Files\SmartFTP Client
2008-09-26 19:16 . 2008-09-29 19:16 <DIR> d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-09-26 01:22 . 2008-09-26 01:22 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-09-25 14:52 . 2008-10-06 17:02 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-09-24 12:34 . 2008-09-24 12:34 63 --a------ C:\Windows\ProductKeyExplorer.INI
2008-09-24 12:33 . 2008-09-24 12:33 <DIR> d-------- C:\Users\All Users\TEMP
2008-09-24 12:33 . 2008-09-24 12:33 <DIR> d-------- C:\ProgramData\TEMP
2008-09-24 12:27 . 2008-09-24 12:27 <DIR> d-------- C:\Program Files\JEDISware
2008-09-24 10:38 . 2008-09-24 18:11 <DIR> d-------- C:\Users\JReich\AppData\Roaming\Azureus
2008-09-24 10:38 . 2008-09-24 10:38 <DIR> d-------- C:\Users\All Users\Azureus
2008-09-24 10:38 . 2008-09-24 10:38 <DIR> d-------- C:\ProgramData\Azureus
2008-09-24 10:37 . 2008-09-24 10:47 <DIR> d-------- C:\Program Files\Vuze
2008-09-24 00:40 . 2008-09-26 16:37 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-09-24 00:40 . 2008-09-26 16:37 <DIR> d-------- C:\ProgramData\FLEXnet
2008-09-23 17:25 . 2008-09-28 16:51 <DIR> d-------- C:\Users\JReich\AppData\Roaming\skypePM
2008-09-23 17:25 . 2008-09-23 17:25 56 --ah----- C:\Windows\System32\ezsidmv.dat
2008-09-23 17:24 . 2008-09-28 16:55 <DIR> d-------- C:\Users\JReich\AppData\Roaming\Skype
2008-09-23 17:22 . 2008-09-23 17:22 <DIR> d-------- C:\Users\All Users\Skype
2008-09-23 17:22 . 2008-09-23 17:22 <DIR> d-------- C:\ProgramData\Skype
2008-09-23 17:22 . 2008-09-23 17:22 <DIR> d-------- C:\Program Files\Skype
2008-09-23 17:22 . 2008-09-23 17:22 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-22 10:42 . 2008-09-22 10:42 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2008-09-20 11:39 . 2008-09-20 11:39 <DIR> d-------- C:\Users\Room Guest\AppData\Roaming\BitTorrent
2008-09-20 02:40 . 2008-09-20 02:40 <DIR> d-------- C:\Users\JReich\AppData\Roaming\NCH Software
2008-09-20 02:40 . 2008-09-20 02:40 <DIR> d-------- C:\Users\All Users\NCH Software
2008-09-20 02:40 . 2008-09-20 02:40 <DIR> d-------- C:\ProgramData\NCH Software
2008-09-20 02:40 . 2008-09-20 02:40 <DIR> d-------- C:\Program Files\NCH Software
2008-09-20 02:32 . 2008-09-20 02:32 <DIR> d-------- C:\Users\JReich\AppData\Roaming\NCH Swift Sound
2008-09-20 02:32 . 2008-09-20 02:32 <DIR> d-------- C:\Users\All Users\NCH Swift Sound
2008-09-20 02:32 . 2008-09-20 02:32 <DIR> d-------- C:\ProgramData\NCH Swift Sound
2008-09-20 02:31 . 2008-09-20 02:31 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-09-18 23:03 . 2008-09-18 23:03 <DIR> d-------- C:\Program Files\BitPim
2008-09-18 22:58 . 2008-09-18 22:58 <DIR> d-------- C:\Program Files\LG Electronics
2008-09-18 22:58 . 2007-04-09 09:55 22,912 --a------ C:\Windows\System32\drivers\lgusbmodem.sys
2008-09-18 22:58 . 2007-04-09 09:56 21,248 --a------ C:\Windows\System32\drivers\lgusbdiag.sys
2008-09-18 22:58 . 2007-04-09 09:53 12,672 --a------ C:\Windows\System32\drivers\lgusbbus.sys
2008-09-18 14:52 . 2008-09-18 14:52 <DIR> d-------- C:\Users\All Users\Avg8
2008-09-18 14:52 . 2008-09-18 14:52 <DIR> d-------- C:\ProgramData\Avg8
2008-09-18 09:44 . 2008-09-18 09:44 2,302,017 --a------ C:\Windows\System32\GPhotos.scr
2008-09-17 22:09 . 2008-09-17 22:09 <DIR> d-------- C:\Program Files\The Weather Channel FW
2008-09-17 17:40 . 2008-09-17 17:40 42,320 --a------ C:\Windows\System32\xfcodec.dll
2008-09-17 17:13 . 2008-09-17 19:55 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-17 16:59 . 2008-09-17 16:59 <DIR> d-------- C:\Users\JReich\AppData\Roaming\PeerNetworking
2008-09-15 20:18 . 2008-09-15 20:18 <DIR> d-------- C:\Users\All Users\eSellerate
2008-09-15 20:18 . 2008-09-15 20:18 <DIR> d-------- C:\ProgramData\eSellerate
2008-09-15 20:18 . 2008-09-15 20:18 108,336 --a------ C:\Windows\MSWINSCK.ocx
2008-09-15 20:16 . 2008-09-15 20:16 <DIR> d-------- C:\Program Files\MSN Content Plus Inc
2008-09-15 02:11 . 2008-09-15 02:11 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-09-15 02:11 . 2008-09-15 02:11 <DIR> d-------- C:\ProgramData\WindowsSearch
2008-09-14 01:03 . 2008-09-14 01:03 <DIR> d-------- C:\Windows\System32\quicktime
2008-09-14 01:03 . 2008-10-06 17:37 <DIR> d-------- C:\Program Files\AVI Movie Player
2008-09-13 01:42 . 2008-09-13 01:42 <DIR> d-------- C:\Users\All Users\LightScribe
2008-09-13 01:42 . 2008-09-13 01:42 <DIR> d-------- C:\ProgramData\LightScribe
2008-09-13 01:41 . 2008-09-13 01:41 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-09-12 12:30 . 2008-07-30 18:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-12 12:30 . 2008-03-07 21:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-09-12 12:30 . 2008-04-22 21:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-09-12 12:30 . 2008-04-22 21:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-09-12 12:30 . 2008-04-22 21:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-09-12 12:30 . 2008-04-22 21:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-09-12 12:30 . 2008-07-30 20:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-11 15:44 . 2008-09-11 15:52 <DIR> d-------- C:\Users\JReich\AppData\Roaming\FruitfulTime TaskManager
2008-09-11 15:44 . 2008-09-11 15:44 <DIR> d-------- C:\Program Files\FruitfulTime
2008-09-11 12:37 . 2008-09-11 12:37 <DIR> d-------- C:\Users\Room Guest\Program Files
2008-09-11 12:37 . 2008-09-11 12:37 <DIR> d-------- C:\Users\Room Guest\AppData\Roaming\Nero
2008-09-11 12:37 . 2008-09-11 12:37 <DIR> d-------- C:\Users\Room Guest\AppData\Roaming\MySpace
2008-09-11 12:37 . 2008-09-20 23:54 <DIR> d-------- C:\Users\Room Guest\AppData\Roaming\DNA
2008-09-10 21:38 . 2008-09-10 21:40 <DIR> d-------- C:\Users\JReich\AppData\Roaming\IGN_DLM
2008-09-10 21:38 . 2008-09-10 21:38 <DIR> d-------- C:\Program Files\Download Manager
2008-09-10 19:57 . 2008-10-08 17:45 69 --a------ C:\Windows\NeroDigital.ini
2008-09-10 19:31 . 2008-09-10 19:31 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-09-10 19:13 . 2008-09-10 19:13 <DIR> d-------- C:\Users\JReich\AppData\Roaming\Nero
2008-09-10 19:11 . 2008-09-10 19:11 <DIR> d-------- C:\Users\All Users\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 00:06 --------- d-----w C:\Program Files\PowerArchiver
2008-10-08 19:04 --------- d-----w C:\ProgramData\Google Updater
2008-10-07 23:11 --------- d-----w C:\Users\JReich\AppData\Roaming\LimeWire
2008-10-07 02:15 --------- d-----w C:\Program Files\Google
2008-10-07 00:42 33,962,595 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_10_05_12_47_07_full.dmp.zip
2008-10-05 19:43 34,019,072 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_10_04_18_22_37_full.dmp.zip
2008-10-05 01:15 33,884,150 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_10_04_18_14_37_full.dmp.zip
2008-10-05 01:07 --------- d-----w C:\Users\JReich\AppData\Roaming\BitTorrent
2008-10-04 23:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-04 23:27 --------- d-----w C:\Program Files\EA Games
2008-10-03 04:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-01 20:07 86,580 ----a-w C:\Windows\System32\pinokezo.dll.vir
2008-09-28 20:43 --------- d-----w C:\Program Files\Java
2008-09-26 23:01 --------- d-----w C:\Program Files\TeamViewer3
2008-09-26 08:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-24 05:13 --------- d-----w C:\Program Files\Common Files\Steam
2008-09-23 01:50 --------- d-----w C:\Program Files\Electronic Arts
2008-09-20 17:16 139,664 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-09-20 17:16 111,928 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-09-16 06:23 --------- d-----w C:\Users\JReich\AppData\Roaming\TeamViewer
2008-09-12 19:31 --------- d-----w C:\Program Files\Windows Mail
2008-09-09 22:27 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-09 04:24 --------- d-----w C:\Program Files\MSXML 4.0
2008-09-07 05:08 --------- d-----w C:\Program Files\America's Army Server Manager
2008-09-07 05:06 --------- d-----w C:\Program Files\Logs
2008-09-07 01:07 --------- d-----w C:\Program Files\America's Army
2008-09-06 19:42 --------- d-----w C:\ProgramData\Logishrd
2008-09-06 19:34 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-09-06 19:33 --------- d-----w C:\ProgramData\Logitech
2008-09-06 19:33 --------- d-----w C:\Program Files\Logitech
2008-09-06 06:00 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-09-04 21:47 --------- d-----w C:\Users\Room Guest\AppData\Roaming\InstallShield
2008-09-04 19:06 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-09-04 02:54 --------- d-----w C:\ProgramData\Messenger Plus!
2008-09-04 02:44 --------- d-----w C:\Program Files\MagicDisc
2008-09-04 02:40 --------- d-----w C:\ProgramData\ConeXware
2008-09-04 01:57 --------- d-----w C:\Program Files\BitTorrent
2008-09-03 21:46 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-03 21:44 --------- d-----w C:\Program Files\Windows Live
2008-09-03 21:43 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-03 21:42 --------- d-----w C:\ProgramData\WLInstaller
2008-09-03 21:33 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-09-03 19:10 --------- d-----w C:\Program Files\LimeWire
2008-08-25 22:36 17,408 ----a-r C:\Windows\System32\SZIO5.dll
2008-08-25 22:35 262,144 ----a-r C:\Windows\System32\SZBase5.dll
2008-08-21 21:39 364,544 ----a-r C:\Windows\System32\IS3DBA5.dll
2008-08-21 21:39 126,976 ----a-r C:\Windows\System32\IS3HTUI5.dll
2008-08-21 21:38 61,440 ----a-r C:\Windows\System32\IS3Hks5.dll
2008-08-21 21:38 372,736 ----a-r C:\Windows\System32\IS3UI5.dll
2008-08-21 21:38 23,040 ----a-r C:\Windows\System32\IS3XDat5.dll
2008-08-21 21:37 94,208 ----a-r C:\Windows\System32\IS3Inet5.dll
2008-08-21 21:37 90,112 ----a-r C:\Windows\System32\IS3Svc5.dll
2008-08-21 21:37 212,992 ----a-r C:\Windows\System32\IS3Win325.dll
2008-08-21 21:34 708,608 ----a-r C:\Windows\System32\IS3Base5.dll
2008-08-13 01:40 228,672 ----a-w C:\Windows\system32\drivers\bdfsfltr.sys
2008-08-13 01:40 108,864 ----a-w C:\Windows\system32\drivers\bdfm.sys
2008-08-11 20:22 39,680 ----a-r C:\Windows\system32\drivers\SZKG.sys
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 05:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-10-06_18.43.54.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-07 17:36:32 61,440 ----a-r C:\Windows\Installer\{5DF86878-462F-41F2-96E0-E82EE57EC7D3}\helpicon.exe
+ 2008-10-07 17:36:32 32,768 ----a-r C:\Windows\Installer\{5DF86878-462F-41F2-96E0-E82EE57EC7D3}\maintenance_icon.exe
+ 2008-10-07 17:36:32 22,486 ----a-r C:\Windows\Installer\{5DF86878-462F-41F2-96E0-E82EE57EC7D3}\register_icon.exe
+ 2008-10-07 17:36:32 57,344 ----a-r C:\Windows\Installer\{5DF86878-462F-41F2-96E0-E82EE57EC7D3}\texticon.exe
+ 2008-10-07 02:20:09 18,944 ----a-r C:\Windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-10-07 02:20:09 65,024 ----a-r C:\Windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-10-07 23:27:26 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-07 23:27:26 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-07 01:37:35 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-09 03:38:08 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-10-07 01:37:35 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-07 23:29:35 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2007-04-11 02:11:20 511,328 ----a-w C:\Windows\System32\capicom.dll
+ 2007-04-11 18:11:20 511,328 ----a-w C:\Windows\System32\capicom.dll
- 2008-10-07 01:37:13 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-08 19:04:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-07 01:37:13 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-08 19:04:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-07 01:37:13 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-08 19:04:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-07 01:30:05 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-10-09 03:41:08 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2002-01-05 10:48:16 974,848 ----a-w C:\Windows\System32\mfc70.dll
+ 2002-01-05 10:36:38 964,608 ----a-w C:\Windows\System32\mfc70u.dll
- 2007-03-23 04:28:06 1,066,544 ------w C:\Windows\System32\MFC71.dll
+ 2003-03-19 04:20:00 1,060,864 ----a-w C:\Windows\System32\mfc71.dll
- 2007-03-23 04:28:10 1,053,232 ------w C:\Windows\System32\MFC71u.dll
+ 2003-03-19 04:12:12 1,047,552 ----a-w C:\Windows\System32\mfc71u.dll
+ 2002-01-05 10:38:38 54,784 ----a-w C:\Windows\System32\msvci70.dll
+ 2002-01-05 10:40:20 487,424 ----a-w C:\Windows\System32\msvcp70.dll
- 2003-03-18 11:14:52 499,712 ----a-w C:\Windows\System32\msvcp71.dll
+ 2003-03-19 03:14:52 499,712 ----a-w C:\Windows\System32\msvcp71.dll
- 2002-01-05 03:37:28 344,064 ----a-w C:\Windows\System32\msvcr70.dll
+ 2002-01-05 09:37:28 344,064 ----a-w C:\Windows\System32\msvcr70.dll
- 2003-02-20 19:42:22 348,160 ----a-w C:\Windows\System32\msvcr71.dll
+ 2003-02-21 11:42:22 348,160 ----a-w C:\Windows\System32\msvcr71.dll
- 2008-10-07 00:43:05 106,014 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-07 23:34:15 106,014 ----a-w C:\Windows\System32\perfc009.dat
- 2008-10-07 00:43:05 607,118 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-07 23:34:15 607,118 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-23 01:50:40 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-10-07 17:40:05 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-04-24 01:34:48 176,128 ----a-w C:\Windows\System32\txmlutil.dll
- 2008-10-07 00:38:56 6,786 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-211023370-562865107-2750974251-1000_UserData.bin
+ 2008-10-07 04:09:19 6,954 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-211023370-562865107-2750974251-1000_UserData.bin
- 2008-10-07 00:38:56 83,806 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-07 23:30:10 86,298 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-05 01:09:08 2,694 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-10-07 04:06:28 2,694 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-10-07 00:38:32 49,962 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-07 17:42:51 50,854 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-01-31 21:50:32 913,408 ----a-w C:\Windows\System32\xreglib.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\JReich\AppData\Local\Google\Update\GoogleUpdate.exe" [2007-12-31 133104]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-31 39408]
"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PASTARTER.EXE" [2007-11-30 140328]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2008-08-01 1103216]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-08-22 2363392]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-09-16 789616]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-10-07 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 51048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-09-28 144792]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" [2008-10-07 716800]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2008-01-18 40072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

C:\Users\JReich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-09-03 575488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\Windows\system32\vibuvemi.dll fzmzfy.dll,c:\windows\system32\pinokezo.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-211023370-562865107-2750974251-1000]
"EnableNotificationsRef"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-211023370-562865107-2750974251-1003]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{20151F37-D5DB-4C53-B1AD-1E578104EADB}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{330B137B-F3F6-4222-9552-51AEF81F4568}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{52991664-B90F-4151-B86D-D01262A177A4}"= UDP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{92038279-0961-4F53-B110-AA09E5AD0773}"= TCP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{5CEC54C6-B86C-4576-878F-3EF8135154BA}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{0DA40D13-FD95-4600-B4C2-E05F4530D8C8}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"TCP Query User{71E9CE1B-DD88-402B-9841-E3E2A4BCCBE1}C:\\program files\\valve\\steam\\steamapps\\jordanreich\\counter-strike\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\jordanreich\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{1CD45851-88A9-4896-BE4F-0970A6F29CE5}C:\\program files\\valve\\steam\\steamapps\\jordanreich\\counter-strike\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\jordanreich\counter-strike\hl.exe:Half-Life Launcher
"{97661A0C-6957-4947-91F1-B37A94155CDF}"= C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{11F72510-5C5E-4270-88D5-D40A810E2199}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6C0DC9DD-FC18-4258-ADD8-7AF44A7A4BBF}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{AF64336A-B398-4EB9-8680-C47C6E04B216}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)
"{74158EB2-BE5C-4D16-B187-99F100DBC134}"= UDP:C:\Program Files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{903F07AA-55A8-4C89-9402-11968DBF26B1}"= TCP:C:\Program Files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"{B29B1DBD-F06D-4D1B-BF61-7B9D51EB627F}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{50B142B0-BB17-49AA-AC95-F9859BA5355C}C:\\program files\\valve\\steam\\steamapps\\jordanreich\\condition zero\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\jordanreich\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{C7512FDD-4C79-4352-BAF6-D7117243FCDB}C:\\program files\\valve\\steam\\steamapps\\jordanreich\\condition zero\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\jordanreich\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{D98CBC31-9838-47B0-93C1-934F64E43F93}C:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert™ ii\\ra2\\gamemd.exe"= UDP:C:\program files\ea games\command & conquer the first decade\command & conquer red alert™ ii\ra2\gamemd.exe:Main executable for Yuri's Revenge
"UDP Query User{68562323-85AC-46A8-A3C8-A804254EC053}C:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert™ ii\\ra2\\gamemd.exe"= TCP:C:\program files\ea games\command & conquer the first decade\command & conquer red alert™ ii\ra2\gamemd.exe:Main executable for Yuri's Revenge
"TCP Query User{F7F3D694-992B-4500-8E1D-2AC012EC470D}C:\\program files\\valve\\steam\\steamapps\\jordanreich\\day of defeat\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\jordanreich\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{68862D22-3EB8-46C3-8E53-6FF97DD911E8}C:\\program files\\valve\\steam\\steamapps\\jordanreich\\day of defeat\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\jordanreich\day of defeat\hl.exe:Half-Life Launcher
"TCP Query User{3692EDF1-491F-486B-B66B-7AEC282DF653}C:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:C:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{3D1AC69C-6F28-4BCA-B53A-D6D3E5F9AC13}C:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:C:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{EAC58435-98EA-4075-9915-18FBD3CDC420}C:\\program files\\america's army\\system\\server.exe"= UDP:C:\program files\america's army\system\server.exe:Server
"UDP Query User{B3F29440-FBC8-426E-A7C2-FE5BD34049F7}C:\\program files\\america's army\\system\\server.exe"= TCP:C:\program files\america's army\system\server.exe:Server
"TCP Query User{C6B29052-94EB-464D-AF36-8B60F6A277B4}C:\\program files\\america's army\\system\\armyops.exe"= UDP:C:\program files\america's army\system\armyops.exe:ArmyOps
"UDP Query User{B69BE04C-8055-440F-9544-CC8EE7686D22}C:\\program files\\america's army\\system\\armyops.exe"= TCP:C:\program files\america's army\system\armyops.exe:ArmyOps
"{B6AE9A9E-A1AF-4B11-83FA-3D4AD541FE66}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{79647923-F214-4692-B0EB-D69EBBDFCA1C}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C24C8CCA-B556-4527-87B4-F4DFCB8BF1BC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{BCE69331-1056-44BC-B5A8-7BE32087D1DD}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{3BE1C123-222E-4345-B37A-A9D911464EDC}"= UDP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{9FD72C25-1A04-4403-BFBE-F78BD96B9E4D}"= TCP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"TCP Query User{BD15B1FB-7909-4430-B8C8-64B1425D1180}C:\\program files\\electronic arts\\battlefield 2142 server\\bf2142_w32ded.exe"= UDP:C:\program files\electronic arts\battlefield 2142 server\bf2142_w32ded.exe:BF2142_w32ded
"UDP Query User{1D192D12-414E-4310-BF17-895737EE5F63}C:\\program files\\electronic arts\\battlefield 2142 server\\bf2142_w32ded.exe"= TCP:C:\program files\electronic arts\battlefield 2142 server\bf2142_w32ded.exe:BF2142_w32ded
"{B2778A0E-8374-4783-8744-FD2D9FC9F418}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{27755CDD-7C9B-4E35-B3D5-E9838772DCF1}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{84544CEA-D9CD-4137-A61C-79C4F1E5F7D9}C:\\program files\\teamviewer3\\teamviewer.exe"= UDP:C:\program files\teamviewer3\teamviewer.exe:TeamViewer Remote Control Application
"UDP Query User{E1E7C501-8F37-4EA6-AA67-35F51CC880D5}C:\\program files\\teamviewer3\\teamviewer.exe"= TCP:C:\program files\teamviewer3\teamviewer.exe:TeamViewer Remote Control Application
"{BD73D9E0-5A36-4AFA-9F86-DB065CC366C1}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{2C965DDB-27A6-4EA0-9D78-A158C5B67AC1}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"TCP Query User{FA3BC99B-25BE-4635-BF09-C8FF96177102}C:\\users\\jreich\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:C:\users\jreich\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{72F3FFE7-6DB3-49E7-A5BE-D12C406F4107}C:\\users\\jreich\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:C:\users\jreich\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"{53E8FBC5-F735-48B3-B6AF-5D64DE8D4492}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{102F610D-86D1-4685-962D-10B1E957C667}C:\\program files\\vuze\\azureus.exe"= UDP:C:\program files\vuze\azureus.exe:Azureus
"UDP Query User{93FA5C7E-43D2-4A7E-9519-18AA47765BDD}C:\\program files\\vuze\\azureus.exe"= TCP:C:\program files\vuze\azureus.exe:Azureus
"TCP Query User{4C0F9920-0D03-4F95-8348-5DC6E28D33B3}C:\\program files\\vuze\\testobject1.exe"= UDP:C:\program files\vuze\testobject1.exe:TestObject1
"UDP Query User{48B3CDB2-657C-4D09-B8BA-6BAD67CD98CE}C:\\program files\\vuze\\testobject1.exe"= TCP:C:\program files\vuze\testobject1.exe:TestObject1
"{34C71E25-E016-4349-8B62-1608FC7063A8}"= UDP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{A14C48C4-512F-4E24-9BF6-1B455F3B5BBD}"= TCP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{88462627-83C7-46AC-9988-A0B264EF81E2}"= UDP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{60FA970B-AB27-4183-8CF4-801BF6C9D125}"= TCP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 szkg5;szkg;C:\Windows\system32\DRIVERS\szkg.sys [2008-08-11 39680]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 TeamViewer;TeamViewer 3;C:\Program Files\TeamViewer3\TeamViewer_Service.exe [2008-09-25 181544]
R3 SaiH0464;SaiH0464;C:\Windows\system32\DRIVERS\SaiH0464.sys [2008-03-31 136832]
S3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 bdfm;BDFM;C:\Windows\system32\drivers\bdfm.sys [2008-08-12 108864]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-05-11 43520]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-09-23 92656]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{097cdedc-0201-11dd-b259-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-10-08 C:\Windows\Tasks\GoogleUpdateTaskUser.job
- C:\Users\JReich\AppData\Local\Google\Update\GoogleUpdate.exe [2007-12-31 13:57]

2008-10-07 C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 10:42]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BM135351ed - c:\windows\system32\pinokezo.dll
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pinokezo.dll
SSODL-SSODL-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pinokezo.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5668E
R0 -: HKLM-Main,Start Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5668E
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: Add to Google Photos Screensa&ver
O8 -: E&xport to Microsoft Excel
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-08 20:45:46
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Users\JReich\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\system32\winlogon.exe
-> c:\windows\system32\pinokezo.dll

PROCESS: C:\Windows\system32\lsass.exe
-> c:\windows\system32\pinokezo.dll
.
Completion time: 2008-10-08 20:47:01
ComboFix-quarantined-files.txt 2008-10-09 03:46:43
ComboFix2.txt 2008-10-07 01:47:03

Pre-Run: 215,772,798,976 bytes free
Post-Run: 215,758,721,024 bytes free

452 --- E O F --- 2008-09-21 06:55:21



HIJACK THIS LOG FILE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:59 PM, on 10/8/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Users\JReich\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\Explorer.exe
C:\Users\JReich\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JReich\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5668E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5668E
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BM135351ed] Rundll32.exe "c:\windows\system32\pinokezo.dll",a
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\JReich\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [ketewodaja] Rundll32.exe "C:\Windows\system32\fevihife.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\vibuvemi.dll fzmzfy.dll,c:\windows\system32\pinokezo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pinokezo.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pinokezo.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13551 bytes


Thanks

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:03 PM

Posted 09 October 2008 - 12:11 AM

Hello,

You ran it twice, now I have no clue what all it deleted. :thumbsup:

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

Folder::
C:\Program Files\mjqcilc
C:\Users\All Users\ejipmhyd
C:\ProgramData\ejipmhyd
C:\Program Files\ziiugcc
C:\VundoFix Backups

File::
C:\Windows\System32\pinokezo.dll.vir
C:\Windows\system32\vibuvemi.dll
c:\windows\system32\pinokezo.dll


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

(screenshot not preserved)

This will start ComboFix again.

After reboot (if it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Please delete VundoFix also.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?
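As an added example that is not part of this thread (not teacup61's instructions and not HijackThis or ComboFix code), the Python below reads HijackThis lines like the ones in the log above and flags the same loading points the CFScript goes after: O4 Run entries that start a system32 DLL through Rundll32 with a one-letter export, a populated O20 AppInit_DLLs value, and O21/O22 SSODL/SharedTaskScheduler entries whose DLL is missing or sits loose in system32. The sample lines are constructed from the posted log; the heuristics and the function names are assumptions of this example, not part of either tool.

```python
import re

# Constructed sample: HijackThis v2 lines copied from the log posted in this
# thread, trimmed to the entries the review below cares about. Not a full log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BM135351ed] Rundll32.exe "c:\windows\system32\pinokezo.dll",a
O4 - HKUS\S-1-5-19\..\Run: [ketewodaja] Rundll32.exe "C:\Windows\system32\fevihife.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: C:\Windows\system32\vibuvemi.dll fzmzfy.dll,c:\windows\system32\pinokezo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pinokezo.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pinokezo.dll (file missing)
"""

# Every HijackThis entry has the shape "Onn - rest of line".
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# rundll32 [path\]name.dll,Export   (path may be quoted, export may be empty)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\S*)',
                       re.IGNORECASE)
MISSING = "(file missing)"


def parse_entries(text):
    """Yield (section, body) for each 'Onn - ...' line; skip everything else."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def flag_entry(section, body):
    """Return (reason, [dll paths]) for a Virtumonde-style loading point, else None.

    Heuristics (this example's own, not HijackThis rules):
      O4  : rundll32 loading a DLL from system32 with a one- or two-letter export
      O20 : AppInit_DLLs carrying any value at all (normally empty on a home PC)
      O21 : SSODL / O22 SharedTaskScheduler pointing at a missing or loose system32 DLL
    """
    low = body.lower()
    if section == "O4":
        m = RUNDLL_RE.search(body)
        if m and "\\system32\\" in m.group(1).lower() and len(m.group(2)) <= 2:
            return ("Run key starts a system32 DLL via rundll32 with a one-letter export",
                    [m.group(1)])
        return None
    if section == "O20" and low.startswith("appinit_dlls:"):
        value = body.split(":", 1)[1].strip()
        dlls = [d for d in re.split(r"[ ,]+", value) if d]
        if dlls:
            return ("AppInit_DLLs is populated; these load into every user32 process", dlls)
        return None
    if section in ("O21", "O22"):
        target = body.rsplit(" - ", 1)[-1].strip()
        missing = target.lower().endswith(MISSING)
        path = target[:-len(MISSING)].strip() if missing else target
        if missing or "\\system32\\" in path.lower():
            what = "SSODL" if section == "O21" else "SharedTaskScheduler"
            why = "target file missing" if missing else "target is a loose system32 DLL"
            return (f"{what} entry loads at shell start ({why})", [path])
        return None
    return None


def review(text):
    """Run flag_entry over a whole log; return [(section, reason, dlls), ...]."""
    hits = []
    for section, body in parse_entries(text):
        hit = flag_entry(section, body)
        if hit:
            hits.append((section, hit[0], hit[1]))
    return hits


def dlls_to_review(text):
    """Distinct DLL paths/names named by flagged entries, lower-cased and sorted."""
    names = set()
    for _, _, dlls in review(text):
        names.update(d.lower() for d in dlls)
    return sorted(names)


if __name__ == "__main__":
    for section, reason, dlls in review(SAMPLE_LOG):
        print(f"{section}: {reason}: {', '.join(dlls)}")
    print("DLLs to look at:", dlls_to_review(SAMPLE_LOG))
```

The four names it returns for the sample are exactly the files and names the helper's File:: block and the AppInit_DLLs value point at; the WindowsWelcomeCenter rundll32 line and the legitimate Winlogon Notify entry pass through unflagged.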

#7 JReich

JReich
  • Topic Starter

  • Members
  • 42 posts
  • Local time:07:03 PM

Posted 09 October 2008 - 12:33 AM

COMBO FIX LOG

ComboFix 08-10-08.02 - JReich 2008-10-08 22:19:49.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1586 [GMT -7:00]
Running from: C:\Users\JReich\Desktop\ComboFix.exe
Command switches used :: C:\Users\JReich\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\pinokezo.dll
C:\Windows\System32\pinokezo.dll.vir
C:\Windows\system32\vibuvemi.dll
.
The following files were disabled during the run:
c:\windows\system32\pinokezo.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\mjqcilc
C:\Program Files\ziiugcc
C:\Program Files\ziiugcc\dbsmartset.dll
C:\ProgramData\ejipmhyd
C:\VundoFix Backups
c:\Windows\System32\pinokezo.dll.vir

.
((((((((((((((((((((((((( Files Created from 2008-09-09 to 2008-10-09 )))))))))))))))))))))))))))))))
.

2008-10-07 16:27 . 2008-10-07 16:28 377,295,567 --a------ C:\Windows\MEMORY.DMP
2008-10-07 10:41 . 2008-10-07 10:41 850 --a------ C:\Windows\System32\ProductTweaks.xml
2008-10-07 10:41 . 2008-10-07 10:41 385 --a------ C:\Windows\System32\user_gensett.xml
2008-10-07 10:35 . 2008-10-07 10:35 <DIR> d-------- C:\Users\JReich\AppData\Roaming\BitDefender
2008-10-07 10:34 . 2008-10-07 10:36 <DIR> d-------- C:\Users\All Users\BitDefender
2008-10-07 10:34 . 2008-10-07 10:36 <DIR> d-------- C:\ProgramData\BitDefender
2008-10-07 10:34 . 2008-10-07 10:35 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-10-07 10:34 . 2008-10-07 10:34 <DIR> d-------- C:\Program Files\BitDefender
2008-10-06 21:40 . 2008-10-06 21:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-06 19:20 . 2008-10-06 19:20 <DIR> d-------- C:\Users\JReich\AppData\Roaming\SUPERAntiSpyware.com
2008-10-06 19:20 . 2008-10-06 19:20 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-10-06 19:20 . 2008-10-06 19:20 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-10-06 19:20 . 2008-10-07 16:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-06 17:33 . 2008-10-06 18:24 <DIR> d-------- C:\Users\All Users\SITEguard
2008-10-06 17:33 . 2008-10-06 18:24 <DIR> d-------- C:\ProgramData\SITEguard
2008-10-06 17:32 . 2008-10-08 21:57 <DIR> d-------- C:\Users\All Users\STOPzilla!
2008-10-06 17:32 . 2008-10-08 21:57 <DIR> d-------- C:\ProgramData\STOPzilla!
2008-10-06 17:32 . 2008-10-06 17:32 <DIR> d-------- C:\Program Files\STOPzilla!
2008-10-06 17:32 . 2008-10-06 17:32 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-10-06 17:24 . 2008-10-06 17:24 <DIR> d-------- C:\Program Files\Panda Security
2008-10-06 17:24 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-10-04 18:06 . 2008-10-04 18:06 <DIR> d-------- C:\Users\All Users\CheckPoint
2008-10-04 18:06 . 2008-10-04 18:06 <DIR> d-------- C:\ProgramData\CheckPoint
2008-10-04 18:06 . 2008-10-04 18:06 <DIR> d-------- C:\Program Files\Zone Labs
2008-10-04 18:06 . 2008-03-03 15:05 1,086,952 --a------ C:\Windows\System32\zpeng24.dll
2008-10-04 18:06 . 2008-03-03 15:06 279,440 --a------ C:\Windows\System32\drivers\~GLH0014.TMP
2008-10-04 18:05 . 2008-10-04 18:06 <DIR> d-------- C:\Windows\System32\ZoneLabs
2008-10-04 18:05 . 2008-10-08 20:54 352,615 --ah----- C:\Windows\System32\drivers\vsconfig.xml
2008-10-04 18:05 . 2008-03-03 15:06 279,440 --------- C:\Windows\System32\drivers\vsdatant.sys
2008-10-04 18:03 . 2008-10-08 22:25 <DIR> d-------- C:\Windows\Internet Logs
2008-10-04 16:36 . 2008-10-04 16:36 533 --a------ C:\Windows\eReg.dat
2008-10-03 11:34 . 2008-10-08 20:39 <DIR> d-------- C:\Users\JReich\AppData\Roaming\Xfire
2008-10-03 11:33 . 2008-10-08 18:34 <DIR> d-------- C:\Users\All Users\Xfire
2008-10-03 11:33 . 2008-10-08 18:34 <DIR> d-------- C:\ProgramData\Xfire
2008-10-03 11:33 . 2008-10-03 11:34 <DIR> d-------- C:\Program Files\Xfire
2008-10-02 13:43 . 2008-10-02 13:43 <DIR> d-------- C:\Users\JReich\AppData\Roaming\JGsoft
2008-10-02 13:43 . 2008-08-05 03:01 68,232 --a------ C:\Windows\UnDeployV.exe
2008-09-29 16:18 . 2008-09-29 16:18 <DIR> d-------- C:\Users\JReich\AppData\Roaming\SmartFTP
2008-09-29 16:11 . 2008-09-29 16:11 <DIR> d-------- C:\Users\JReich\AppData\Roaming\Malwarebytes
2008-09-29 16:11 . 2008-09-29 16:11 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-29 16:11 . 2008-09-29 16:11 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-29 16:11 . 2008-09-29 16:11 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-29 16:11 . 2008-09-10 00:07 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-29 16:11 . 2008-09-10 00:07 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-28 13:45 . 2008-09-28 13:44 102,664 --a------ C:\Windows\System32\drivers\tmcomm.sys
2008-09-28 13:44 . 2008-10-06 10:50 <DIR> d-------- C:\Users\JReich\.housecall6.6
2008-09-28 13:44 . 2008-09-28 13:44 410,976 --a------ C:\Windows\System32\deploytk.dll
2008-09-26 19:17 . 2008-09-29 19:17 <DIR> d-------- C:\Program Files\SmartFTP Client
2008-09-26 19:16 . 2008-09-29 19:16 <DIR> d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-09-26 01:22 . 2008-09-26 01:22 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-09-25 14:52 . 2008-10-06 17:02 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-09-24 12:34 . 2008-09-24 12:34 63 --a------ C:\Windows\ProductKeyExplorer.INI
2008-09-24 12:33 . 2008-09-24 12:33 <DIR> d-------- C:\Users\All Users\TEMP
2008-09-24 12:33 . 2008-09-24 12:33 <DIR> d-------- C:\ProgramData\TEMP
2008-09-24 12:27 . 2008-09-24 12:27 <DIR> d-------- C:\Program Files\JEDISware
2008-09-24 10:38 . 2008-09-24 18:11 <DIR> d-------- C:\Users\JReich\AppData\Roaming\Azureus
2008-09-24 10:38 . 2008-09-24 10:38 <DIR> d-------- C:\Users\All Users\Azureus
2008-09-24 10:38 . 2008-09-24 10:38 <DIR> d-------- C:\ProgramData\Azureus
2008-09-24 10:37 . 2008-09-24 10:47 <DIR> d-------- C:\Program Files\Vuze
2008-09-24 00:40 . 2008-09-26 16:37 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-09-24 00:40 . 2008-09-26 16:37 <DIR> d-------- C:\ProgramData\FLEXnet
2008-09-23 17:25 . 2008-09-28 16:51 <DIR> d-------- C:\Users\JReich\AppData\Roaming\skypePM
2008-09-23 17:25 . 2008-09-23 17:25 56 --ah----- C:\Windows\System32\ezsidmv.dat
2008-09-23 17:24 . 2008-09-28 16:55 <DIR> d-------- C:\Users\JReich\AppData\Roaming\Skype
2008-09-23 17:22 . 2008-09-23 17:22 <DIR> d-------- C:\Users\All Users\Skype
2008-09-23 17:22 . 2008-09-23 17:22 <DIR> d-------- C:\ProgramData\Skype
2008-09-23 17:22 . 2008-09-23 17:22 <DIR> d-------- C:\Program Files\Skype
2008-09-23 17:22 . 2008-09-23 17:22 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-22 10:42 . 2008-09-22 10:42 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2008-09-20 11:39 . 2008-09-20 11:39 <DIR> d-------- C:\Users\Room Guest\AppData\Roaming\BitTorrent
2008-09-20 02:40 . 2008-09-20 02:40 <DIR> d-------- C:\Users\JReich\AppData\Roaming\NCH Software
2008-09-20 02:40 . 2008-09-20 02:40 <DIR> d-------- C:\Users\All Users\NCH Software
2008-09-20 02:40 . 2008-09-20 02:40 <DIR> d-------- C:\ProgramData\NCH Software
2008-09-20 02:40 . 2008-09-20 02:40 <DIR> d-------- C:\Program Files\NCH Software
2008-09-20 02:32 . 2008-09-20 02:32 <DIR> d-------- C:\Users\JReich\AppData\Roaming\NCH Swift Sound
2008-09-20 02:32 . 2008-09-20 02:32 <DIR> d-------- C:\Users\All Users\NCH Swift Sound
2008-09-20 02:32 . 2008-09-20 02:32 <DIR> d-------- C:\ProgramData\NCH Swift Sound
2008-09-20 02:31 . 2008-09-20 02:31 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-09-18 23:03 . 2008-09-18 23:03 <DIR> d-------- C:\Program Files\BitPim
2008-09-18 22:58 . 2008-09-18 22:58 <DIR> d-------- C:\Program Files\LG Electronics
2008-09-18 22:58 . 2007-04-09 09:55 22,912 --a------ C:\Windows\System32\drivers\lgusbmodem.sys
2008-09-18 22:58 . 2007-04-09 09:56 21,248 --a------ C:\Windows\System32\drivers\lgusbdiag.sys
2008-09-18 22:58 . 2007-04-09 09:53 12,672 --a------ C:\Windows\System32\drivers\lgusbbus.sys
2008-09-18 14:52 . 2008-09-18 14:52 <DIR> d-------- C:\Users\All Users\Avg8
2008-09-18 14:52 . 2008-09-18 14:52 <DIR> d-------- C:\ProgramData\Avg8
2008-09-18 09:44 . 2008-09-18 09:44 2,302,017 --a------ C:\Windows\System32\GPhotos.scr
2008-09-17 22:09 . 2008-09-17 22:09 <DIR> d-------- C:\Program Files\The Weather Channel FW
2008-09-17 17:40 . 2008-09-17 17:40 42,320 --a------ C:\Windows\System32\xfcodec.dll
2008-09-17 17:13 . 2008-09-17 19:55 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-17 16:59 . 2008-09-17 16:59 <DIR> d-------- C:\Users\JReich\AppData\Roaming\PeerNetworking
2008-09-15 20:18 . 2008-09-15 20:18 <DIR> d-------- C:\Users\All Users\eSellerate
2008-09-15 20:18 . 2008-09-15 20:18 <DIR> d-------- C:\ProgramData\eSellerate
2008-09-15 20:18 . 2008-09-15 20:18 108,336 --a------ C:\Windows\MSWINSCK.ocx
2008-09-15 20:16 . 2008-09-15 20:16 <DIR> d-------- C:\Program Files\MSN Content Plus Inc
2008-09-15 02:11 . 2008-09-15 02:11 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-09-15 02:11 . 2008-09-15 02:11 <DIR> d-------- C:\ProgramData\WindowsSearch
2008-09-14 01:03 . 2008-09-14 01:03 <DIR> d-------- C:\Windows\System32\quicktime
2008-09-14 01:03 . 2008-10-06 17:37 <DIR> d-------- C:\Program Files\AVI Movie Player
2008-09-13 01:42 . 2008-09-13 01:42 <DIR> d-------- C:\Users\All Users\LightScribe
2008-09-13 01:42 . 2008-09-13 01:42 <DIR> d-------- C:\ProgramData\LightScribe
2008-09-13 01:41 . 2008-09-13 01:41 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-09-12 12:30 . 2008-07-30 18:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-12 12:30 . 2008-03-07 21:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-09-12 12:30 . 2008-04-22 21:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-09-12 12:30 . 2008-04-22 21:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-09-12 12:30 . 2008-04-22 21:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-09-12 12:30 . 2008-04-22 21:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-09-12 12:30 . 2008-07-30 20:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-11 15:44 . 2008-09-11 15:52 <DIR> d-------- C:\Users\JReich\AppData\Roaming\FruitfulTime TaskManager
2008-09-11 15:44 . 2008-09-11 15:44 <DIR> d-------- C:\Program Files\FruitfulTime
2008-09-11 12:37 . 2008-09-11 12:37 <DIR> d-------- C:\Users\Room Guest\Program Files
2008-09-11 12:37 . 2008-09-11 12:37 <DIR> d-------- C:\Users\Room Guest\AppData\Roaming\Nero
2008-09-11 12:37 . 2008-09-11 12:37 <DIR> d-------- C:\Users\Room Guest\AppData\Roaming\MySpace
2008-09-11 12:37 . 2008-09-20 23:54 <DIR> d-------- C:\Users\Room Guest\AppData\Roaming\DNA
2008-09-10 21:38 . 2008-09-10 21:40 <DIR> d-------- C:\Users\JReich\AppData\Roaming\IGN_DLM
2008-09-10 21:38 . 2008-09-10 21:38 <DIR> d-------- C:\Program Files\Download Manager
2008-09-10 19:57 . 2008-10-08 21:37 69 --a------ C:\Windows\NeroDigital.ini
2008-09-10 19:31 . 2008-09-10 19:31 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-09-10 19:13 . 2008-09-10 19:13 <DIR> d-------- C:\Users\JReich\AppData\Roaming\Nero
2008-09-10 19:11 . 2008-09-10 19:11 <DIR> d-------- C:\Users\All Users\Nero
2008-09-10 19:11 . 2008-09-10 19:11 <DIR> d-------- C:\ProgramData\Nero
2008-09-10 19:11 . 2008-09-10 19:11 <DIR> d-------- C:\Program Files\Nero
2008-09-10 19:11 . 2008-09-10 19:12 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-09-10 18:36 . 2008-09-10 18:38 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-10 18:36 . 2008-09-10 18:38 <DIR> d-------- C:\ProgramData\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 04:40 --------- d-----w C:\Program Files\PowerArchiver
2008-10-08 19:04 --------- d-----w C:\ProgramData\Google Updater
2008-10-07 23:11 --------- d-----w C:\Users\JReich\AppData\Roaming\LimeWire
2008-10-07 02:15 --------- d-----w C:\Program Files\Google
2008-10-07 00:42 33,962,595 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_10_05_12_47_07_full.dmp.zip
2008-10-05 19:43 34,019,072 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_10_04_18_22_37_full.dmp.zip
2008-10-05 01:15 33,884,150 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_10_04_18_14_37_full.dmp.zip
2008-10-05 01:07 --------- d-----w C:\Users\JReich\AppData\Roaming\BitTorrent
2008-10-04 23:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-04 23:27 --------- d-----w C:\Program Files\EA Games
2008-10-03 04:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-28 20:43 --------- d-----w C:\Program Files\Java
2008-09-26 23:01 --------- d-----w C:\Program Files\TeamViewer3
2008-09-26 08:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-24 05:13 --------- d-----w C:\Program Files\Common Files\Steam
2008-09-23 01:50 --------- d-----w C:\Program Files\Electronic Arts
2008-09-20 17:16 139,664 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-09-20 17:16 111,928 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-09-16 06:23 --------- d-----w C:\Users\JReich\AppData\Roaming\TeamViewer
2008-09-12 19:31 --------- d-----w C:\Program Files\Windows Mail
2008-09-09 22:27 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-09 04:24 --------- d-----w C:\Program Files\MSXML 4.0
2008-09-07 05:08 --------- d-----w C:\Program Files\America's Army Server Manager
2008-09-07 05:06 --------- d-----w C:\Program Files\Logs
2008-09-07 01:07 --------- d-----w C:\Program Files\America's Army
2008-09-06 19:42 --------- d-----w C:\ProgramData\Logishrd
2008-09-06 19:34 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-09-06 19:33 --------- d-----w C:\ProgramData\Logitech
2008-09-06 19:33 --------- d-----w C:\Program Files\Logitech
2008-09-06 06:00 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-09-04 21:47 --------- d-----w C:\Users\Room Guest\AppData\Roaming\InstallShield
2008-09-04 19:06 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-09-04 02:54 --------- d-----w C:\ProgramData\Messenger Plus!
2008-09-04 02:44 --------- d-----w C:\Program Files\MagicDisc
2008-09-04 02:40 --------- d-----w C:\ProgramData\ConeXware
2008-09-04 01:57 --------- d-----w C:\Program Files\BitTorrent
2008-09-03 21:46 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-03 21:44 --------- d-----w C:\Program Files\Windows Live
2008-09-03 21:43 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-03 21:42 --------- d-----w C:\ProgramData\WLInstaller
2008-09-03 21:33 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-09-03 19:10 --------- d-----w C:\Program Files\LimeWire
2008-08-25 22:36 17,408 ----a-r C:\Windows\System32\SZIO5.dll
2008-08-25 22:35 262,144 ----a-r C:\Windows\System32\SZBase5.dll
2008-08-21 21:39 364,544 ----a-r C:\Windows\System32\IS3DBA5.dll
2008-08-21 21:39 126,976 ----a-r C:\Windows\System32\IS3HTUI5.dll
2008-08-21 21:38 61,440 ----a-r C:\Windows\System32\IS3Hks5.dll
2008-08-21 21:38 372,736 ----a-r C:\Windows\System32\IS3UI5.dll
2008-08-21 21:38 23,040 ----a-r C:\Windows\System32\IS3XDat5.dll
2008-08-21 21:37 94,208 ----a-r C:\Windows\System32\IS3Inet5.dll
2008-08-21 21:37 90,112 ----a-r C:\Windows\System32\IS3Svc5.dll
2008-08-21 21:37 212,992 ----a-r C:\Windows\System32\IS3Win325.dll
2008-08-21 21:34 708,608 ----a-r C:\Windows\System32\IS3Base5.dll
2008-08-13 01:40 228,672 ----a-w C:\Windows\system32\drivers\bdfsfltr.sys
2008-08-13 01:40 108,864 ----a-w C:\Windows\system32\drivers\bdfm.sys
2008-08-11 20:22 39,680 ----a-r C:\Windows\system32\drivers\SZKG.sys
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 05:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot_2008-10-08_20.46.22.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-07 23:27:26 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-09 03:54:03 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-07 23:27:26 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-09 03:54:03 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-09 03:38:08 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-09 03:55:53 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-10-07 23:29:35 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-09 03:55:44 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-10-08 19:04:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-09 04:20:12 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-08 19:04:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-09 04:20:12 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-08 19:04:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-09 04:20:12 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-07 23:34:15 106,014 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-09 03:58:50 106,014 ----a-w C:\Windows\System32\perfc009.dat
- 2008-10-07 23:34:15 607,118 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-09 03:58:50 607,118 ----a-w C:\Windows\System32\perfh009.dat
- 2008-10-07 04:09:19 6,954 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-211023370-562865107-2750974251-1000_UserData.bin
+ 2008-10-09 03:56:08 6,962 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-211023370-562865107-2750974251-1000_UserData.bin
- 2008-10-07 23:30:10 86,298 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-09 03:56:08 86,426 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\JReich\AppData\Local\Google\Update\GoogleUpdate.exe" [2007-12-31 133104]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-31 39408]
"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PASTARTER.EXE" [2007-11-30 140328]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2008-08-01 1103216]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-08-22 2363392]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-09-16 789616]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-10-07 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 51048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-09-28 144792]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" [2008-10-07 716800]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632]
"BM135351ed"="c:\windows\system32\pinokezo.dll" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2008-01-18 40072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

C:\Users\JReich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-09-03 575488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\pinokezo.dll" [BU]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pinokezo.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\Windows\system32\vibuvemi.dll fzmzfy.dll,c:\windows\system32\pinokezo.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-211023370-562865107-2750974251-1000]
"EnableNotificationsRef"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-211023370-562865107-2750974251-1003]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{20151F37-D5DB-4C53-B1AD-1E578104EADB}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{330B137B-F3F6-4222-9552-51AEF81F4568}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{52991664-B90F-4151-B86D-D01262A177A4}"= UDP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{92038279-0961-4F53-B110-AA09E5AD0773}"= TCP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{5CEC54C6-B86C-4576-878F-3EF8135154BA}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{0DA40D13-FD95-4600-B4C2-E05F4530D8C8}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"TCP Query User{71E9CE1B-DD88-402B-9841-E3E2A4BCCBE1}C:\\program files\\valve\\steam\\steamapps\\jordanreich\\counter-strike\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\jordanreich\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{1CD45851-88A9-4896-BE4F-0970A6F29CE5}C:\\program files\\valve\\steam\\steamapps\\jordanreich\\counter-strike\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\jordanreich\counter-strike\hl.exe:Half-Life Launcher
"{97661A0C-6957-4947-91F1-B37A94155CDF}"= C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{11F72510-5C5E-4270-88D5-D40A810E2199}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6C0DC9DD-FC18-4258-ADD8-7AF44A7A4BBF}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{AF64336A-B398-4EB9-8680-C47C6E04B216}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)
"{74158EB2-BE5C-4D16-B187-99F100DBC134}"= UDP:C:\Program Files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{903F07AA-55A8-4C89-9402-11968DBF26B1}"= TCP:C:\Program Files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"{B29B1DBD-F06D-4D1B-BF61-7B9D51EB627F}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{50B142B0-BB17-49AA-AC95-F9859BA5355C}C:\\program files\\valve\\steam\\steamapps\\jordanreich\\condition zero\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\jordanreich\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{C7512FDD-4C79-4352-BAF6-D7117243FCDB}C:\\program files\\valve\\steam\\steamapps\\jordanreich\\condition zero\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\jordanreich\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{D98CBC31-9838-47B0-93C1-934F64E43F93}C:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert™ ii\\ra2\\gamemd.exe"= UDP:C:\program files\ea games\command & conquer the first decade\command & conquer red alert™ ii\ra2\gamemd.exe:Main executable for Yuri's Revenge
"UDP Query User{68562323-85AC-46A8-A3C8-A804254EC053}C:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert™ ii\\ra2\\gamemd.exe"= TCP:C:\program files\ea games\command & conquer the first decade\command & conquer red alert™ ii\ra2\gamemd.exe:Main executable for Yuri's Revenge
"TCP Query User{F7F3D694-992B-4500-8E1D-2AC012EC470D}C:\\program files\\valve\\steam\\steamapps\\jordanreich\\day of defeat\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\jordanreich\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{68862D22-3EB8-46C3-8E53-6FF97DD911E8}C:\\program files\\valve\\steam\\steamapps\\jordanreich\\day of defeat\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\jordanreich\day of defeat\hl.exe:Half-Life Launcher
"TCP Query User{3692EDF1-491F-486B-B66B-7AEC282DF653}C:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:C:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{3D1AC69C-6F28-4BCA-B53A-D6D3E5F9AC13}C:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:C:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{EAC58435-98EA-4075-9915-18FBD3CDC420}C:\\program files\\america's army\\system\\server.exe"= UDP:C:\program files\america's army\system\server.exe:Server
"UDP Query User{B3F29440-FBC8-426E-A7C2-FE5BD34049F7}C:\\program files\\america's army\\system\\server.exe"= TCP:C:\program files\america's army\system\server.exe:Server
"TCP Query User{C6B29052-94EB-464D-AF36-8B60F6A277B4}C:\\program files\\america's army\\system\\armyops.exe"= UDP:C:\program files\america's army\system\armyops.exe:ArmyOps
"UDP Query User{B69BE04C-8055-440F-9544-CC8EE7686D22}C:\\program files\\america's army\\system\\armyops.exe"= TCP:C:\program files\america's army\system\armyops.exe:ArmyOps
"{B6AE9A9E-A1AF-4B11-83FA-3D4AD541FE66}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{79647923-F214-4692-B0EB-D69EBBDFCA1C}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C24C8CCA-B556-4527-87B4-F4DFCB8BF1BC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{BCE69331-1056-44BC-B5A8-7BE32087D1DD}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{3BE1C123-222E-4345-B37A-A9D911464EDC}"= UDP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{9FD72C25-1A04-4403-BFBE-F78BD96B9E4D}"= TCP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"TCP Query User{BD15B1FB-7909-4430-B8C8-64B1425D1180}C:\\program files\\electronic arts\\battlefield 2142 server\\bf2142_w32ded.exe"= UDP:C:\program files\electronic arts\battlefield 2142 server\bf2142_w32ded.exe:BF2142_w32ded
"UDP Query User{1D192D12-414E-4310-BF17-895737EE5F63}C:\\program files\\electronic arts\\battlefield 2142 server\\bf2142_w32ded.exe"= TCP:C:\program files\electronic arts\battlefield 2142 server\bf2142_w32ded.exe:BF2142_w32ded
"{B2778A0E-8374-4783-8744-FD2D9FC9F418}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{27755CDD-7C9B-4E35-B3D5-E9838772DCF1}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{84544CEA-D9CD-4137-A61C-79C4F1E5F7D9}C:\\program files\\teamviewer3\\teamviewer.exe"= UDP:C:\program files\teamviewer3\teamviewer.exe:TeamViewer Remote Control Application
"UDP Query User{E1E7C501-8F37-4EA6-AA67-35F51CC880D5}C:\\program files\\teamviewer3\\teamviewer.exe"= TCP:C:\program files\teamviewer3\teamviewer.exe:TeamViewer Remote Control Application
"{BD73D9E0-5A36-4AFA-9F86-DB065CC366C1}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{2C965DDB-27A6-4EA0-9D78-A158C5B67AC1}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"TCP Query User{FA3BC99B-25BE-4635-BF09-C8FF96177102}C:\\users\\jreich\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:C:\users\jreich\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{72F3FFE7-6DB3-49E7-A5BE-D12C406F4107}C:\\users\\jreich\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:C:\users\jreich\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"{53E8FBC5-F735-48B3-B6AF-5D64DE8D4492}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{102F610D-86D1-4685-962D-10B1E957C667}C:\\program files\\vuze\\azureus.exe"= UDP:C:\program files\vuze\azureus.exe:Azureus
"UDP Query User{93FA5C7E-43D2-4A7E-9519-18AA47765BDD}C:\\program files\\vuze\\azureus.exe"= TCP:C:\program files\vuze\azureus.exe:Azureus
"TCP Query User{4C0F9920-0D03-4F95-8348-5DC6E28D33B3}C:\\program files\\vuze\\testobject1.exe"= UDP:C:\program files\vuze\testobject1.exe:TestObject1
"UDP Query User{48B3CDB2-657C-4D09-B8BA-6BAD67CD98CE}C:\\program files\\vuze\\testobject1.exe"= TCP:C:\program files\vuze\testobject1.exe:TestObject1
"{34C71E25-E016-4349-8B62-1608FC7063A8}"= UDP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{A14C48C4-512F-4E24-9BF6-1B455F3B5BBD}"= TCP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{88462627-83C7-46AC-9988-A0B264EF81E2}"= UDP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{60FA970B-AB27-4183-8CF4-801BF6C9D125}"= TCP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 szkg5;szkg;C:\Windows\system32\DRIVERS\szkg.sys [2008-08-11 39680]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 TeamViewer;TeamViewer 3;C:\Program Files\TeamViewer3\TeamViewer_Service.exe [2008-09-25 181544]
R3 bdfm;BDFM;C:\Windows\system32\drivers\bdfm.sys [2008-08-12 108864]
R3 SaiH0464;SaiH0464;C:\Windows\system32\DRIVERS\SaiH0464.sys [2008-03-31 136832]
S3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-05-11 43520]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-09-23 92656]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{097cdedc-0201-11dd-b259-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe

*Newly Created Service* - SASDIFSV

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-10-08 C:\Windows\Tasks\GoogleUpdateTaskUser.job
- C:\Users\JReich\AppData\Local\Google\Update\GoogleUpdate.exe [2007-12-31 13:57]

2008-10-09 C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 10:42]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-08 22:25:44
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Users\JReich\AppData\Local\Microsoft\Outlook\~Internet Calendar Subscriptions.pst.tmp 0 bytes
C:\Users\JReich\AppData\Local\Microsoft\Outlook\~OutlWillamette University-00000004.pst.tmp 0 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\system32\winlogon.exe
-> c:\windows\system32\pinokezo.dll

PROCESS: C:\Windows\system32\lsass.exe
-> c:\windows\system32\pinokezo.dll
.
Completion time: 2008-10-08 22:27:41
ComboFix-quarantined-files.txt 2008-10-09 05:27:16
ComboFix2.txt 2008-10-09 03:47:07
ComboFix3.txt 2008-10-07 01:47:03

Pre-Run: 215,112,802,304 bytes free
Post-Run: 215,087,689,728 bytes free

430 --- E O F --- 2008-09-21 06:55:21


HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:30 PM, on 10/8/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Users\JReich\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Users\JReich\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Users\JReich\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5668E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5668E
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BM135351ed] Rundll32.exe "c:\windows\system32\pinokezo.dll",a
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\JReich\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [ketewodaja] Rundll32.exe "C:\Windows\system32\fevihife.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\vibuvemi.dll fzmzfy.dll,c:\windows\system32\pinokezo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pinokezo.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pinokezo.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13496 bytes


Thanks
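A small triage script, added here as an illustration and not part of this thread or of HijackThis, ComboFix or Malwarebytes, that parses lines in the formats shown in the logs above and flags the entries a responder looks at first: AppInit_DLLs, SSODL and SharedTaskScheduler registrations whose file is reported missing, Run entries that go through rundll32, and the UAC, firewall and Security Center settings that are turned off. It then correlates DLL names across mechanisms, because the strongest signal in a log like this one is a single DLL registered in several autostart locations. The sample log is constructed from entries in this thread; the rule names, severities and notes are my own assumptions.

```python
"""Triage helper for HijackThis item lines and ComboFix-style setting lines.
Added example for this thread; rule names, severities and notes are assumptions,
not the output of either tool."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample, modelled on entries that appear in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [BM135351ed] Rundll32.exe "c:\windows\system32\pinokezo.dll",a
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [ketewodaja] Rundll32.exe "C:\Windows\system32\fevihife.dll",s (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: C:\Windows\system32\vibuvemi.dll fzmzfy.dll,c:\windows\system32\pinokezo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pinokezo.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pinokezo.dll (file missing)
"EnableLUA"= 0 (0x0)
"EnableFirewall"= 0 (0x0)
"DisableMonitoring"=dword:00000001
"""

# HijackThis item prefix -> autostart mechanism it describes (assumed labels).
MECHANISM_PREFIXES = {
    "O4 - ": "run_key",
    "O20 - AppInit_DLLs:": "appinit_dlls",
    "O20 - Winlogon Notify:": "winlogon_notify",
    "O21 - SSODL:": "ssodl",
    "O22 - SharedTaskScheduler:": "shared_task_scheduler",
}
DLL_RE = re.compile(r"([A-Za-z0-9_~$.\-]+\.dll)\b", re.IGNORECASE)   # DLL base names
RUNDLL32_RE = re.compile(r"\brundll32(?:\.exe)?\b", re.IGNORECASE)
UAC_OFF_RE = re.compile(r'^"EnableLUA"\s*=\s*0\b')
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
MONITORING_OFF_RE = re.compile(r'^"DisableMonitoring"\s*=\s*dword:0*1$')


@dataclass
class Finding:
    severity: str          # "high" or "medium"
    rule: str
    subject: str           # the log line, or the DLL name for correlation findings
    note: str = ""


def mechanism_of(line):
    """Name the autostart mechanism a HijackThis item line describes, or None."""
    for prefix, mech in MECHANISM_PREFIXES.items():
        if line.startswith(prefix):
            return mech
    return None


def check_line(line, mech):
    """Apply the per-line rules; return a Finding or None."""
    if mech == "appinit_dlls" and line.split(":", 1)[1].strip():
        return Finding("high", "appinit_dlls_set", line,
                       "these DLLs are loaded into every process that maps user32.dll")
    if mech in ("ssodl", "shared_task_scheduler") and "(file missing)" in line:
        return Finding("high", "shell_load_entry_file_missing", line,
                       "shell-load registration whose DLL is not found on disk")
    if mech == "run_key" and RUNDLL32_RE.search(line):
        return Finding("medium", "run_key_via_rundll32", line,
                       "Run entry that loads a DLL through rundll32; verify the DLL")
    if UAC_OFF_RE.match(line):
        return Finding("medium", "uac_disabled", line, "EnableLUA is 0")
    if FIREWALL_OFF_RE.match(line):
        return Finding("medium", "firewall_profile_disabled", line,
                       "may be intentional when a third-party firewall is installed")
    if MONITORING_OFF_RE.match(line):
        return Finding("medium", "security_center_monitoring_disabled", line,
                       "third-party security suites also set this; confirm which product did")
    return None


def triage(text):
    """Run the per-line rules, then correlate DLL names across mechanisms."""
    findings, sites = [], defaultdict(set)   # sites: dll name -> mechanisms it is registered in
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        mech = mechanism_of(line)
        if mech:
            for dll in DLL_RE.findall(line):
                sites[dll.lower()].add(mech)
        found = check_line(line, mech)
        if found:
            findings.append(found)
    # One DLL registered through several autostart mechanisms is the pattern
    # worth acting on first, whatever the individual lines scored.
    for dll, mechs in sorted(sites.items()):
        if len(mechs) >= 2:
            findings.append(Finding("high", "dll_in_multiple_autostarts", dll,
                                    "registered via " + ", ".join(sorted(mechs))))
    return findings


def summarize(findings):
    """Count findings per severity."""
    counts = defaultdict(int)
    for f in findings:
        counts[f.severity] += 1
    return dict(counts)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.rule}: {f.subject}")
```

Run against the sample, the only DLL that reaches the correlation rule is pinokezo.dll, registered through a Run key, AppInit_DLLs, SSODL and SharedTaskScheduler; fevihife.dll and oobefldr.dll stay at medium because each appears in one place only. The setting flags are context, not verdicts: the log above shows ZoneAlarm and BitDefender installed, which is the common reason for EnableFirewall being 0 and DisableMonitoring being 1. Note also that HijackThis reports pinokezo.dll as "(file missing)" while the ComboFix section above lists it loaded under winlogon.exe and lsass.exe, so a "missing" file in one tool's output is not evidence that the DLL is gone.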

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:03 PM

Posted 09 October 2008 - 07:31 PM

Hello,

Thanks for that, and you're welcome. :thumbsup:

How is it running now please?

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#9 JReich

JReich
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:07:03 PM

Posted 09 October 2008 - 11:32 PM

It does seem to be running much better and I appreciate your help! Unless you see some other additional HIJACKTHIS problem that might take care of it, but I'll leave that up to you.

I did see this in the list below

O4 - HKLM\..\Run: [BM135351ed] Rundll32.exe "c:\windows\system32\pinokezo.dll",a


I remember that file either being deleted or disabled before, so I'm curious if that's a problem?

Thanks again!

Malware Scan

Malwarebytes' Anti-Malware 1.28
Database version: 1222
Windows 6.0.6001 Service Pack 1

10/9/2008 9:30:16 PM
mbam-log-2008-10-09 (21-30-16).txt

Scan type: Quick Scan
Objects scanned: 48016
Time elapsed: 2 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


HIJACKTHIS Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:12 PM, on 10/9/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Users\JReich\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Users\JReich\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\JReich\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JReich\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JReich\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Xfire\xfire.exe
C:\Users\JReich\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JReich\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JReich\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JReich\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5668E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5668E
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BM135351ed] Rundll32.exe "c:\windows\system32\pinokezo.dll",a
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\JReich\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [ketewodaja] Rundll32.exe "C:\Windows\system32\fevihife.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\vibuvemi.dll fzmzfy.dll,c:\windows\system32\pinokezo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pinokezo.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pinokezo.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14095 bytes


Edited by JReich, 09 October 2008 - 11:34 PM.


#10 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:03 PM

Posted 09 October 2008 - 11:51 PM

Hello,

Please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [BM135351ed] Rundll32.exe "c:\windows\system32\pinokezo.dll",a
O4 - HKUS\S-1-5-19\..\Run: [ketewodaja] Rundll32.exe "C:\Windows\system32\fevihife.dll",s (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: C:\Windows\system32\vibuvemi.dll fzmzfy.dll,c:\windows\system32\pinokezo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pinokezo.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pinokezo.dll (file missing)


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Navigate to and delete these files, if present:

c:\windows\system32\pinokezo.dll
C:\Windows\system32\fevihife.dll

Reboot your computer into normal mode.

Now please run ComboFix again and post the report, along with a new HijackThis log, and let me know how it's running. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?
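For readers following along: the entries teacup61 picked out share a few traits that can be checked mechanically. The script below is an added example (not HijackThis code and not part of the helper's instructions); it runs the same checks over lines copied from the log posted above, and the "one-letter export" heuristic is an assumption drawn from this log rather than a HijackThis rule.

```python
"""Flag suspicious HijackThis load-point entries and cross-reference DLLs.

Added example for this thread; not part of HijackThis or of the helper's
instructions. SAMPLE_LOG is a constructed input: a subset of the lines from
the HijackThis log posted above, not a complete log.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BM135351ed] Rundll32.exe "c:\windows\system32\pinokezo.dll",a
O4 - HKUS\S-1-5-19\..\Run: [ketewodaja] Rundll32.exe "C:\Windows\system32\fevihife.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: C:\Windows\system32\vibuvemi.dll fzmzfy.dll,c:\windows\system32\pinokezo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pinokezo.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pinokezo.dll (file missing)
"""

# A DLL file name: run of path-safe characters ending in .dll. Quotes, commas,
# semicolons, whitespace and backslashes end the token, so we get the basename.
DLL_TOKEN = re.compile(r'[^\s",;\\]+\.dll(?![\w.])', re.IGNORECASE)

# rundll32 starting a DLL through a one-letter export (",a" / ",s"). Heuristic
# taken from this log: the legitimate entry here (oobefldr.dll,ShowWelcomeCenter)
# names a real export, the Virtumonde ones do not.
RUNDLL_ONE_LETTER_EXPORT = re.compile(
    r'rundll32\.exe\s+"?[^"]+?\.dll"?\s*,\s*[A-Za-z](?!\w)', re.IGNORECASE)


def analyze(log_text):
    """Return (findings, shared) for HijackThis log text.

    findings: list of (section, reason, line) for entries worth a second look.
    shared:   {dll_basename: [sections]} for DLLs wired into two or more
              different load points, the strongest signal in this log.
    """
    findings = []
    loadpoints = defaultdict(set)  # dll basename (lowercase) -> {'O4', 'O20', ...}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or ' - ' not in line:
            continue
        section, body = line.split(' - ', 1)
        for dll in DLL_TOKEN.findall(body):
            loadpoints[dll.lower()].add(section)
        if section == 'O3' and body.endswith('(no file)'):
            findings.append((section, 'toolbar CLSID whose file is gone (orphan)', line))
        elif section == 'O4' and RUNDLL_ONE_LETTER_EXPORT.search(body):
            findings.append((section, 'rundll32 autostart via a one-letter export', line))
        elif section == 'O20' and body.startswith('AppInit_DLLs:'):
            findings.append((section, 'AppInit_DLLs set: loaded into every user32 process', line))
        elif section in ('O21', 'O22') and body.endswith('(file missing)'):
            findings.append((section, 'shell load point for a file that no longer exists', line))
    shared = {dll: sorted(secs) for dll, secs in loadpoints.items() if len(secs) >= 2}
    return findings, shared


def dlls_to_review(findings):
    """Lowercase basenames of every DLL referenced from a flagged entry, sorted."""
    names = set()
    for _section, _reason, line in findings:
        names.update(d.lower() for d in DLL_TOKEN.findall(line))
    return sorted(names)


if __name__ == '__main__':
    found, shared_dlls = analyze(SAMPLE_LOG)
    for sec, reason, entry in found:
        print(f'[{sec}] {reason}\n    {entry}')
    for dll, secs in shared_dlls.items():
        print(f'{dll} is wired into {len(secs)} load points: {", ".join(secs)}')
    print('DLLs to review:', ', '.join(dlls_to_review(found)))
```

On the sample, pinokezo.dll is the only DLL tied to more than one load point (O4, O20, O21 and O22), which is why removing the file alone is not enough and the registry entries must be fixed as well.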

#11 JReich

JReich
  • Topic Starter

  • Members
  • 42 posts
  • Local time:07:03 PM

Posted 10 October 2008 - 12:41 AM

COMBO FIX LOG

ComboFix 08-10-08.02 - JReich 2008-10-09 22:08:03.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1955 [GMT -7:00]
Running from: C:\Users\JReich\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-09-10 to 2008-10-10 )))))))))))))))))))))))))))))))
.

2008-10-07 16:27 . 2008-10-07 16:28 377,295,567 --a------ C:\Windows\MEMORY.DMP
2008-10-07 10:41 . 2008-10-07 10:41 850 --a------ C:\Windows\System32\ProductTweaks.xml
2008-10-07 10:41 . 2008-10-07 10:41 385 --a------ C:\Windows\System32\user_gensett.xml
2008-10-07 10:35 . 2008-10-07 10:35 <DIR> d-------- C:\Users\JReich\AppData\Roaming\BitDefender
2008-10-07 10:34 . 2008-10-07 10:36 <DIR> d-------- C:\Users\All Users\BitDefender
2008-10-07 10:34 . 2008-10-07 10:36 <DIR> d-------- C:\ProgramData\BitDefender
2008-10-07 10:34 . 2008-10-07 10:35 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-10-07 10:34 . 2008-10-07 10:34 <DIR> d-------- C:\Program Files\BitDefender
2008-10-06 21:40 . 2008-10-06 21:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-06 19:20 . 2008-10-06 19:20 <DIR> d-------- C:\Users\JReich\AppData\Roaming\SUPERAntiSpyware.com
2008-10-06 19:20 . 2008-10-06 19:20 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-10-06 19:20 . 2008-10-06 19:20 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-10-06 19:20 . 2008-10-07 16:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-06 17:33 . 2008-10-06 18:24 <DIR> d-------- C:\Users\All Users\SITEguard
2008-10-06 17:33 . 2008-10-06 18:24 <DIR> d-------- C:\ProgramData\SITEguard
2008-10-06 17:32 . 2008-10-09 22:04 <DIR> d-------- C:\Users\All Users\STOPzilla!
2008-10-06 17:32 . 2008-10-09 22:04 <DIR> d-------- C:\ProgramData\STOPzilla!
2008-10-06 17:32 . 2008-10-06 17:32 <DIR> d-------- C:\Program Files\STOPzilla!
2008-10-06 17:32 . 2008-10-06 17:32 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-10-06 17:24 . 2008-10-06 17:24 <DIR> d-------- C:\Program Files\Panda Security
2008-10-06 17:24 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-10-04 18:06 . 2008-10-04 18:06 <DIR> d-------- C:\Users\All Users\CheckPoint
2008-10-04 18:06 . 2008-10-04 18:06 <DIR> d-------- C:\ProgramData\CheckPoint
2008-10-04 18:06 . 2008-10-04 18:06 <DIR> d-------- C:\Program Files\Zone Labs
2008-10-04 18:06 . 2008-03-03 15:05 1,086,952 --a------ C:\Windows\System32\zpeng24.dll
2008-10-04 18:06 . 2008-03-03 15:06 279,440 --a------ C:\Windows\System32\drivers\~GLH0014.TMP
2008-10-04 18:05 . 2008-10-04 18:06 <DIR> d-------- C:\Windows\System32\ZoneLabs
2008-10-04 18:05 . 2008-10-09 22:04 352,615 --ah----- C:\Windows\System32\drivers\vsconfig.xml
2008-10-04 18:05 . 2008-03-03 15:06 279,440 --------- C:\Windows\System32\drivers\vsdatant.sys
2008-10-04 18:03 . 2008-10-09 22:08 <DIR> d-------- C:\Windows\Internet Logs
2008-10-04 16:36 . 2008-10-04 16:36 533 --a------ C:\Windows\eReg.dat
2008-10-03 11:34 . 2008-10-09 15:16 <DIR> d-------- C:\Users\JReich\AppData\Roaming\Xfire
2008-10-03 11:33 . 2008-10-08 18:34 <DIR> d-------- C:\Users\All Users\Xfire
2008-10-03 11:33 . 2008-10-08 18:34 <DIR> d-------- C:\ProgramData\Xfire
2008-10-03 11:33 . 2008-10-03 11:34 <DIR> d-------- C:\Program Files\Xfire
2008-10-02 13:43 . 2008-10-02 13:43 <DIR> d-------- C:\Users\JReich\AppData\Roaming\JGsoft
2008-10-02 13:43 . 2008-08-05 03:01 68,232 --a------ C:\Windows\UnDeployV.exe
2008-09-29 16:18 . 2008-09-29 16:18 <DIR> d-------- C:\Users\JReich\AppData\Roaming\SmartFTP
2008-09-29 16:11 . 2008-09-29 16:11 <DIR> d-------- C:\Users\JReich\AppData\Roaming\Malwarebytes
2008-09-29 16:11 . 2008-09-29 16:11 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-29 16:11 . 2008-09-29 16:11 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-29 16:11 . 2008-09-29 16:11 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-29 16:11 . 2008-09-10 00:07 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-29 16:11 . 2008-09-10 00:07 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-28 13:45 . 2008-09-28 13:44 102,664 --a------ C:\Windows\System32\drivers\tmcomm.sys
2008-09-28 13:44 . 2008-10-06 10:50 <DIR> d-------- C:\Users\JReich\.housecall6.6
2008-09-28 13:44 . 2008-09-28 13:44 410,976 --a------ C:\Windows\System32\deploytk.dll
2008-09-26 19:17 . 2008-09-29 19:17 <DIR> d-------- C:\Program Files\SmartFTP Client
2008-09-26 19:16 . 2008-09-29 19:16 <DIR> d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-09-26 01:22 . 2008-09-26 01:22 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-09-25 14:52 . 2008-10-06 17:02 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-09-24 12:34 . 2008-09-24 12:34 63 --a------ C:\Windows\ProductKeyExplorer.INI
2008-09-24 12:33 . 2008-09-24 12:33 <DIR> d-------- C:\Users\All Users\TEMP
2008-09-24 12:33 . 2008-09-24 12:33 <DIR> d-------- C:\ProgramData\TEMP
2008-09-24 12:27 . 2008-09-24 12:27 <DIR> d-------- C:\Program Files\JEDISware
2008-09-24 10:38 . 2008-09-24 18:11 <DIR> d-------- C:\Users\JReich\AppData\Roaming\Azureus
2008-09-24 10:38 . 2008-09-24 10:38 <DIR> d-------- C:\Users\All Users\Azureus
2008-09-24 10:38 . 2008-09-24 10:38 <DIR> d-------- C:\ProgramData\Azureus
2008-09-24 10:37 . 2008-09-24 10:47 <DIR> d-------- C:\Program Files\Vuze
2008-09-24 00:40 . 2008-09-26 16:37 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-09-24 00:40 . 2008-09-26 16:37 <DIR> d-------- C:\ProgramData\FLEXnet
2008-09-23 17:25 . 2008-09-28 16:51 <DIR> d-------- C:\Users\JReich\AppData\Roaming\skypePM
2008-09-23 17:25 . 2008-09-23 17:25 56 --ah----- C:\Windows\System32\ezsidmv.dat
2008-09-23 17:24 . 2008-09-28 16:55 <DIR> d-------- C:\Users\JReich\AppData\Roaming\Skype
2008-09-23 17:22 . 2008-09-23 17:22 <DIR> d-------- C:\Users\All Users\Skype
2008-09-23 17:22 . 2008-09-23 17:22 <DIR> d-------- C:\ProgramData\Skype
2008-09-23 17:22 . 2008-09-23 17:22 <DIR> d-------- C:\Program Files\Skype
2008-09-23 17:22 . 2008-09-23 17:22 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-22 10:42 . 2008-09-22 10:42 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2008-09-20 11:39 . 2008-09-20 11:39 <DIR> d-------- C:\Users\Room Guest\AppData\Roaming\BitTorrent
2008-09-20 02:40 . 2008-09-20 02:40 <DIR> d-------- C:\Users\JReich\AppData\Roaming\NCH Software
2008-09-20 02:40 . 2008-09-20 02:40 <DIR> d-------- C:\Users\All Users\NCH Software
2008-09-20 02:40 . 2008-09-20 02:40 <DIR> d-------- C:\ProgramData\NCH Software
2008-09-20 02:40 . 2008-09-20 02:40 <DIR> d-------- C:\Program Files\NCH Software
2008-09-20 02:32 . 2008-09-20 02:32 <DIR> d-------- C:\Users\JReich\AppData\Roaming\NCH Swift Sound
2008-09-20 02:32 . 2008-09-20 02:32 <DIR> d-------- C:\Users\All Users\NCH Swift Sound
2008-09-20 02:32 . 2008-09-20 02:32 <DIR> d-------- C:\ProgramData\NCH Swift Sound
2008-09-20 02:31 . 2008-09-20 02:31 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-09-18 23:03 . 2008-09-18 23:03 <DIR> d-------- C:\Program Files\BitPim
2008-09-18 22:58 . 2008-09-18 22:58 <DIR> d-------- C:\Program Files\LG Electronics
2008-09-18 22:58 . 2007-04-09 09:55 22,912 --a------ C:\Windows\System32\drivers\lgusbmodem.sys
2008-09-18 22:58 . 2007-04-09 09:56 21,248 --a------ C:\Windows\System32\drivers\lgusbdiag.sys
2008-09-18 22:58 . 2007-04-09 09:53 12,672 --a------ C:\Windows\System32\drivers\lgusbbus.sys
2008-09-18 14:52 . 2008-09-18 14:52 <DIR> d-------- C:\Users\All Users\Avg8
2008-09-18 14:52 . 2008-09-18 14:52 <DIR> d-------- C:\ProgramData\Avg8
2008-09-18 09:44 . 2008-09-18 09:44 2,302,017 --a------ C:\Windows\System32\GPhotos.scr
2008-09-17 22:09 . 2008-09-17 22:09 <DIR> d-------- C:\Program Files\The Weather Channel FW
2008-09-17 17:40 . 2008-09-17 17:40 42,320 --a------ C:\Windows\System32\xfcodec.dll
2008-09-17 17:13 . 2008-09-17 19:55 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-17 16:59 . 2008-09-17 16:59 <DIR> d-------- C:\Users\JReich\AppData\Roaming\PeerNetworking
2008-09-15 20:18 . 2008-09-15 20:18 <DIR> d-------- C:\Users\All Users\eSellerate
2008-09-15 20:18 . 2008-09-15 20:18 <DIR> d-------- C:\ProgramData\eSellerate
2008-09-15 20:18 . 2008-09-15 20:18 108,336 --a------ C:\Windows\MSWINSCK.ocx
2008-09-15 20:16 . 2008-09-15 20:16 <DIR> d-------- C:\Program Files\MSN Content Plus Inc
2008-09-15 02:11 . 2008-09-15 02:11 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-09-15 02:11 . 2008-09-15 02:11 <DIR> d-------- C:\ProgramData\WindowsSearch
2008-09-14 01:03 . 2008-09-14 01:03 <DIR> d-------- C:\Windows\System32\quicktime
2008-09-14 01:03 . 2008-10-06 17:37 <DIR> d-------- C:\Program Files\AVI Movie Player
2008-09-13 01:42 . 2008-09-13 01:42 <DIR> d-------- C:\Users\All Users\LightScribe
2008-09-13 01:42 . 2008-09-13 01:42 <DIR> d-------- C:\ProgramData\LightScribe
2008-09-13 01:41 . 2008-09-13 01:41 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-09-12 12:30 . 2008-07-30 18:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-12 12:30 . 2008-03-07 21:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-09-12 12:30 . 2008-04-22 21:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-09-12 12:30 . 2008-04-22 21:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-09-12 12:30 . 2008-04-22 21:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-09-12 12:30 . 2008-04-22 21:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-09-12 12:30 . 2008-07-30 20:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-11 15:44 . 2008-09-11 15:52 <DIR> d-------- C:\Users\JReich\AppData\Roaming\FruitfulTime TaskManager
2008-09-11 15:44 . 2008-09-11 15:44 <DIR> d-------- C:\Program Files\FruitfulTime
2008-09-11 12:37 . 2008-09-11 12:37 <DIR> d-------- C:\Users\Room Guest\Program Files
2008-09-11 12:37 . 2008-09-11 12:37 <DIR> d-------- C:\Users\Room Guest\AppData\Roaming\Nero
2008-09-11 12:37 . 2008-09-11 12:37 <DIR> d-------- C:\Users\Room Guest\AppData\Roaming\MySpace
2008-09-11 12:37 . 2008-09-20 23:54 <DIR> d-------- C:\Users\Room Guest\AppData\Roaming\DNA
2008-09-10 21:38 . 2008-09-10 21:40 <DIR> d-------- C:\Users\JReich\AppData\Roaming\IGN_DLM
2008-09-10 21:38 . 2008-09-10 21:38 <DIR> d-------- C:\Program Files\Download Manager
2008-09-10 19:57 . 2008-10-09 12:03 69 --a------ C:\Windows\NeroDigital.ini
2008-09-10 19:31 . 2008-09-10 19:31 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-09-10 19:13 . 2008-09-10 19:13 <DIR> d-------- C:\Users\JReich\AppData\Roaming\Nero
2008-09-10 19:11 . 2008-09-10 19:11 <DIR> d-------- C:\Users\All Users\Nero
2008-09-10 19:11 . 2008-09-10 19:11 <DIR> d-------- C:\ProgramData\Nero
2008-09-10 19:11 . 2008-09-10 19:11 <DIR> d-------- C:\Program Files\Nero
2008-09-10 19:11 . 2008-09-10 19:12 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-09-10 18:36 . 2008-09-10 18:38 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-10 18:36 . 2008-09-10 18:38 <DIR> d-------- C:\ProgramData\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 20:05 --------- d-----w C:\ProgramData\Google Updater
2008-10-09 17:37 --------- d-----w C:\Program Files\PowerArchiver
2008-10-09 07:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-09 07:42 --------- d-----w C:\Program Files\EA Games
2008-10-07 23:11 --------- d-----w C:\Users\JReich\AppData\Roaming\LimeWire
2008-10-07 02:15 --------- d-----w C:\Program Files\Google
2008-10-07 00:42 33,962,595 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_10_05_12_47_07_full.dmp.zip
2008-10-05 19:43 34,019,072 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_10_04_18_22_37_full.dmp.zip
2008-10-05 01:15 33,884,150 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_10_04_18_14_37_full.dmp.zip
2008-10-05 01:07 --------- d-----w C:\Users\JReich\AppData\Roaming\BitTorrent
2008-10-03 04:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-28 20:43 --------- d-----w C:\Program Files\Java
2008-09-26 23:01 --------- d-----w C:\Program Files\TeamViewer3
2008-09-26 08:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-24 05:13 --------- d-----w C:\Program Files\Common Files\Steam
2008-09-23 01:50 --------- d-----w C:\Program Files\Electronic Arts
2008-09-20 17:16 139,664 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-09-20 17:16 111,928 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-09-16 06:23 --------- d-----w C:\Users\JReich\AppData\Roaming\TeamViewer
2008-09-12 19:31 --------- d-----w C:\Program Files\Windows Mail
2008-09-09 22:27 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-09 07:35 --------- d-----w C:\Users\JReich\AppData\Roaming\Apple Computer
2008-09-09 07:35 --------- d-----w C:\ProgramData\Apple Computer
2008-09-09 07:35 --------- d-----w C:\Program Files\iTunes
2008-09-09 07:35 --------- d-----w C:\Program Files\iPod
2008-09-09 07:35 --------- d-----w C:\Program Files\Bonjour
2008-09-09 07:34 --------- d-----w C:\Program Files\QuickTime
2008-09-09 07:34 --------- d-----w C:\Program Files\Apple Software Update
2008-09-09 07:33 --------- d-----w C:\ProgramData\Apple
2008-09-09 07:33 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-09 04:24 --------- d-----w C:\Program Files\MSXML 4.0
2008-09-07 05:08 --------- d-----w C:\Program Files\America's Army Server Manager
2008-09-07 05:06 --------- d-----w C:\Program Files\Logs
2008-09-07 01:07 --------- d-----w C:\Program Files\America's Army
2008-09-06 19:42 --------- d-----w C:\ProgramData\Logishrd
2008-09-06 19:34 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-09-06 19:33 --------- d-----w C:\ProgramData\Logitech
2008-09-06 19:33 --------- d-----w C:\Program Files\Logitech
2008-09-06 06:00 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-09-04 21:47 --------- d-----w C:\Users\Room Guest\AppData\Roaming\InstallShield
2008-09-04 19:06 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-09-04 02:54 --------- d-----w C:\ProgramData\Messenger Plus!
2008-09-04 02:44 --------- d-----w C:\Program Files\MagicDisc
2008-09-04 02:40 --------- d-----w C:\ProgramData\ConeXware
2008-09-04 01:57 --------- d-----w C:\Program Files\BitTorrent
2008-09-03 21:46 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-03 21:44 --------- d-----w C:\Program Files\Windows Live
2008-09-03 21:43 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-03 21:42 --------- d-----w C:\ProgramData\WLInstaller
2008-09-03 21:33 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-09-03 19:10 --------- d-----w C:\Program Files\LimeWire
2008-08-25 22:36 17,408 ----a-r C:\Windows\System32\SZIO5.dll
2008-08-25 22:35 262,144 ----a-r C:\Windows\System32\SZBase5.dll
2008-08-21 21:39 364,544 ----a-r C:\Windows\System32\IS3DBA5.dll
2008-08-21 21:39 126,976 ----a-r C:\Windows\System32\IS3HTUI5.dll
2008-08-21 21:38 61,440 ----a-r C:\Windows\System32\IS3Hks5.dll
2008-08-21 21:38 372,736 ----a-r C:\Windows\System32\IS3UI5.dll
2008-08-21 21:38 23,040 ----a-r C:\Windows\System32\IS3XDat5.dll
2008-08-21 21:37 94,208 ----a-r C:\Windows\System32\IS3Inet5.dll
2008-08-21 21:37 90,112 ----a-r C:\Windows\System32\IS3Svc5.dll
2008-08-21 21:37 212,992 ----a-r C:\Windows\System32\IS3Win325.dll
2008-08-21 21:34 708,608 ----a-r C:\Windows\System32\IS3Base5.dll
2008-08-13 01:40 228,672 ----a-w C:\Windows\system32\drivers\bdfsfltr.sys
2008-08-13 01:40 108,864 ----a-w C:\Windows\system32\drivers\bdfm.sys
2008-08-11 20:22 39,680 ----a-r C:\Windows\system32\drivers\SZKG.sys
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 05:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot_2008-10-08_20.46.22.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-07 23:27:26 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-10 05:04:47 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-07 23:27:26 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-10 05:04:47 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-09 03:38:08 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-10 05:06:34 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-10-07 23:29:35 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-10 05:06:40 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-10 05:06:40 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-10-08 19:04:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-10 05:05:53 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-08 19:04:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-10 05:05:53 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-08 19:04:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-10 05:05:53 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-07 23:34:15 106,014 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-10 05:12:06 106,014 ----a-w C:\Windows\System32\perfc009.dat
- 2008-10-07 23:34:15 607,118 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-10 05:12:06 607,118 ----a-w C:\Windows\System32\perfh009.dat
- 2008-10-07 04:09:19 6,954 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-211023370-562865107-2750974251-1000_UserData.bin
+ 2008-10-10 05:06:43 6,970 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-211023370-562865107-2750974251-1000_UserData.bin
- 2008-10-07 23:30:10 86,298 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-10 05:06:43 86,800 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-07 04:06:28 2,694 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-10-10 04:57:16 2,694 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-10-07 17:42:51 50,854 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-10 05:06:37 50,854 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\JReich\AppData\Local\Google\Update\GoogleUpdate.exe" [2007-12-31 133104]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-31 39408]
"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PASTARTER.EXE" [2007-11-30 140328]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2008-08-01 1103216]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-08-22 2363392]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-09-16 789616]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-10-07 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 51048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-09-28 144792]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" [2008-10-07 716800]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2008-01-18 40072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

C:\Users\JReich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-09-03 575488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-211023370-562865107-2750974251-1000]
"EnableNotificationsRef"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-211023370-562865107-2750974251-1003]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{20151F37-D5DB-4C53-B1AD-1E578104EADB}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{330B137B-F3F6-4222-9552-51AEF81F4568}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{52991664-B90F-4151-B86D-D01262A177A4}"= UDP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{92038279-0961-4F53-B110-AA09E5AD0773}"= TCP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{5CEC54C6-B86C-4576-878F-3EF8135154BA}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{0DA40D13-FD95-4600-B4C2-E05F4530D8C8}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"TCP Query User{71E9CE1B-DD88-402B-9841-E3E2A4BCCBE1}C:\\program files\\valve\\steam\\steamapps\\jordanreich\\counter-strike\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\jordanreich\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{1CD45851-88A9-4896-BE4F-0970A6F29CE5}C:\\program files\\valve\\steam\\steamapps\\jordanreich\\counter-strike\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\jordanreich\counter-strike\hl.exe:Half-Life Launcher
"{97661A0C-6957-4947-91F1-B37A94155CDF}"= C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{11F72510-5C5E-4270-88D5-D40A810E2199}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6C0DC9DD-FC18-4258-ADD8-7AF44A7A4BBF}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{AF64336A-B398-4EB9-8680-C47C6E04B216}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)
"{74158EB2-BE5C-4D16-B187-99F100DBC134}"= UDP:C:\Program Files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{903F07AA-55A8-4C89-9402-11968DBF26B1}"= TCP:C:\Program Files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"{B29B1DBD-F06D-4D1B-BF61-7B9D51EB627F}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{50B142B0-BB17-49AA-AC95-F9859BA5355C}C:\\program files\\valve\\steam\\steamapps\\jordanreich\\condition zero\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\jordanreich\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{C7512FDD-4C79-4352-BAF6-D7117243FCDB}C:\\program files\\valve\\steam\\steamapps\\jordanreich\\condition zero\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\jordanreich\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{D98CBC31-9838-47B0-93C1-934F64E43F93}C:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert™ ii\\ra2\\gamemd.exe"= UDP:C:\program files\ea games\command & conquer the first decade\command & conquer red alert™ ii\ra2\gamemd.exe:Main executable for Yuri's Revenge
"UDP Query User{68562323-85AC-46A8-A3C8-A804254EC053}C:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert™ ii\\ra2\\gamemd.exe"= TCP:C:\program files\ea games\command & conquer the first decade\command & conquer red alert™ ii\ra2\gamemd.exe:Main executable for Yuri's Revenge
"TCP Query User{F7F3D694-992B-4500-8E1D-2AC012EC470D}C:\\program files\\valve\\steam\\steamapps\\jordanreich\\day of defeat\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\jordanreich\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{68862D22-3EB8-46C3-8E53-6FF97DD911E8}C:\\program files\\valve\\steam\\steamapps\\jordanreich\\day of defeat\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\jordanreich\day of defeat\hl.exe:Half-Life Launcher
"TCP Query User{3692EDF1-491F-486B-B66B-7AEC282DF653}C:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:C:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{3D1AC69C-6F28-4BCA-B53A-D6D3E5F9AC13}C:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:C:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{EAC58435-98EA-4075-9915-18FBD3CDC420}C:\\program files\\america's army\\system\\server.exe"= UDP:C:\program files\america's army\system\server.exe:Server
"UDP Query User{B3F29440-FBC8-426E-A7C2-FE5BD34049F7}C:\\program files\\america's army\\system\\server.exe"= TCP:C:\program files\america's army\system\server.exe:Server
"TCP Query User{C6B29052-94EB-464D-AF36-8B60F6A277B4}C:\\program files\\america's army\\system\\armyops.exe"= UDP:C:\program files\america's army\system\armyops.exe:ArmyOps
"UDP Query User{B69BE04C-8055-440F-9544-CC8EE7686D22}C:\\program files\\america's army\\system\\armyops.exe"= TCP:C:\program files\america's army\system\armyops.exe:ArmyOps
"{B6AE9A9E-A1AF-4B11-83FA-3D4AD541FE66}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{79647923-F214-4692-B0EB-D69EBBDFCA1C}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C24C8CCA-B556-4527-87B4-F4DFCB8BF1BC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{BCE69331-1056-44BC-B5A8-7BE32087D1DD}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{3BE1C123-222E-4345-B37A-A9D911464EDC}"= UDP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{9FD72C25-1A04-4403-BFBE-F78BD96B9E4D}"= TCP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"TCP Query User{BD15B1FB-7909-4430-B8C8-64B1425D1180}C:\\program files\\electronic arts\\battlefield 2142 server\\bf2142_w32ded.exe"= UDP:C:\program files\electronic arts\battlefield 2142 server\bf2142_w32ded.exe:BF2142_w32ded
"UDP Query User{1D192D12-414E-4310-BF17-895737EE5F63}C:\\program files\\electronic arts\\battlefield 2142 server\\bf2142_w32ded.exe"= TCP:C:\program files\electronic arts\battlefield 2142 server\bf2142_w32ded.exe:BF2142_w32ded
"{B2778A0E-8374-4783-8744-FD2D9FC9F418}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{27755CDD-7C9B-4E35-B3D5-E9838772DCF1}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{84544CEA-D9CD-4137-A61C-79C4F1E5F7D9}C:\\program files\\teamviewer3\\teamviewer.exe"= UDP:C:\program files\teamviewer3\teamviewer.exe:TeamViewer Remote Control Application
"UDP Query User{E1E7C501-8F37-4EA6-AA67-35F51CC880D5}C:\\program files\\teamviewer3\\teamviewer.exe"= TCP:C:\program files\teamviewer3\teamviewer.exe:TeamViewer Remote Control Application
"{BD73D9E0-5A36-4AFA-9F86-DB065CC366C1}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{2C965DDB-27A6-4EA0-9D78-A158C5B67AC1}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"TCP Query User{FA3BC99B-25BE-4635-BF09-C8FF96177102}C:\\users\\jreich\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:C:\users\jreich\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{72F3FFE7-6DB3-49E7-A5BE-D12C406F4107}C:\\users\\jreich\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:C:\users\jreich\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"{53E8FBC5-F735-48B3-B6AF-5D64DE8D4492}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{102F610D-86D1-4685-962D-10B1E957C667}C:\\program files\\vuze\\azureus.exe"= UDP:C:\program files\vuze\azureus.exe:Azureus
"UDP Query User{93FA5C7E-43D2-4A7E-9519-18AA47765BDD}C:\\program files\\vuze\\azureus.exe"= TCP:C:\program files\vuze\azureus.exe:Azureus
"TCP Query User{4C0F9920-0D03-4F95-8348-5DC6E28D33B3}C:\\program files\\vuze\\testobject1.exe"= UDP:C:\program files\vuze\testobject1.exe:TestObject1
"UDP Query User{48B3CDB2-657C-4D09-B8BA-6BAD67CD98CE}C:\\program files\\vuze\\testobject1.exe"= TCP:C:\program files\vuze\testobject1.exe:TestObject1
"{34C71E25-E016-4349-8B62-1608FC7063A8}"= UDP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{A14C48C4-512F-4E24-9BF6-1B455F3B5BBD}"= TCP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{88462627-83C7-46AC-9988-A0B264EF81E2}"= UDP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{60FA970B-AB27-4183-8CF4-801BF6C9D125}"= TCP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 szkg5;szkg;C:\Windows\system32\DRIVERS\szkg.sys [2008-08-11 39680]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 TeamViewer;TeamViewer 3;C:\Program Files\TeamViewer3\TeamViewer_Service.exe [2008-09-25 181544]
R3 bdfm;BDFM;C:\Windows\system32\drivers\bdfm.sys [2008-08-12 108864]
R3 SaiH0464;SaiH0464;C:\Windows\system32\DRIVERS\SaiH0464.sys [2008-03-31 136832]
S3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-05-11 43520]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-09-23 92656]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{097cdedc-0201-11dd-b259-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-10-10 C:\Windows\Tasks\GoogleUpdateTaskUser.job
- C:\Users\JReich\AppData\Local\Google\Update\GoogleUpdate.exe [2007-12-31 13:57]

2008-10-10 C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 10:42]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5668E
R0 -: HKLM-Main,Start Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5668E
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: Add to Google Photos Screensa&ver
O8 -: E&xport to Microsoft Excel
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 22:14:06
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-09 22:16:01
ComboFix-quarantined-files.txt 2008-10-10 05:15:55
ComboFix2.txt 2008-10-09 05:27:42
ComboFix3.txt 2008-10-09 03:47:07
ComboFix4.txt 2008-10-07 01:47:03

Pre-Run: 212,258,418,688 bytes free
Post-Run: 212,252,655,616 bytes free

421 --- E O F --- 2008-09-21 06:55:21


HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:11 PM, on 10/9/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Users\JReich\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Windows\Explorer.exe
C:\Users\JReich\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\JReich\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5668E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5668E
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\JReich\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12834 bytes


Thanks Again

#12 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:03 PM

Posted 10 October 2008 - 01:55 AM

Hello,

Looks good. :thumbsup:

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

How is it running please? :)

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#13 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:03 PM

Posted 02 November 2008 - 09:58 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?
